A security researcher known by the nickname percidae has drawn my attention to the Angular compilations. By bundling a single page application without code splitting, SPAs can make the job for penetration testers easier. This talk will look into an Angular app and highlight areas, where means for performance optimisation can lead to a more secure app. At the end of the presentation you should have a good understanding about how to read a webpack compilation for a SPA. You will know where to look for your own code and what webpack pulls in in addition. Other SPA frameworks could be affected as well, but are out of scope given the time constraint of this presentation. Subtitles will be provided after the event as .srt if I can find the time. Otherwise I encourage you to contact me and I'll send them. Accessibility is a human right.