JSEScanner - JavaScript Port Scanner
A small script that adds some "security by obscurity" to WP in order to make a worm's life somewhat harder
Attacking ASCII-based protocols via HTML forms
Some websec papers on caching issues and new ways of doing user auth, with a focus on phishing and pharming
PHP source code for an XSS scanner tool
SQL Power Injector is an application created in .NET 1.1 that helps the penetration tester to inject SQL commands on a web page.
(SWAAT) is a free static web application source code auditing tool