Proposals for modifications to OAuth so that it will work better outside of the web browser.
An open web service that lets cute little XSSlers store their stolen session credentials
Wow. Check the source, Luke
The idea behind the Application Boundaries Enforcer (ABE) module is hardening the web application oriented protections already provided by NoScript, by developing a firewall-like component running inside the browser.
A small script that adds some "security by obscurity" to WP in order to make a worm's life somewhat harder
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token:
Chris Evans on using HTML forms to create cross-domain XML payloads. Some restrictions apply.