Proposal for an extension of http/HTML to migiate XSS threats
A page that uses xsrf to digg itself
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token:
Thor is Internet Explorer driven tool for manual web application testing.