CORS and (in)security
Bug bounty programs
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Description