An open webservice, that let cute little XSSler store their stolen session credentials
Browser based tool for website XSS testing
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token:
MySpace XSS reloaded. Making money with XSS