Single page apps are comprised of one browser-rendered page, linking to a variety of back-end data sources through Application Programming Interfaces (APIs) Airbnb, Pinterest and LinkedIn showcase a new approach to designing and building modern web applications. The rise in misconfiguration particularly in the public cloud requires a brand-new approach to attack surface management (ASM) For SPAs, vulnerabilities begin with the APIs, which serve as the data transport layer that refreshes the SPA. Traditional web security tools such as web application firewalls (WAFs) cannot protect SPAs.
Source: https://www.helpnetsecurity.com/2021/07/02/single-page-web-applications/