The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web-application-oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser.
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token:
Online security check for outdated browser plug-ins
Browser based tool for website XSS testing
An open web service that lets cute little XSSlers store their stolen session credentials
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
Proposals for modifications to OAuth so that it will work better outside of the web browser.
Wow. Check the source, Luke