Developer guide to avoid XSS code
Beyond XSS (Cross Site Scripting) Cheat Sheet
An open webservice, that let cute little XSSler store their stolen session credentials
An open webservice, that let cute little XSSler store their stolen session credentials
Browser based tool for website XSS testing
Browser based tool for website XSS testing
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token: