Provocative: http://wasjournal.blogspot.com/2007/05/xss-in-excess.html

This is a learn XSS tool. I think it is provocative because you have an urge to cause XSS by bypassing least number of filters possible. We had cheat sheets, but no resource where people could ‘try’ different xss vectors. This page presents a XSS hacking contest in itself.

Interesting: http://wasjournal.blogspot.com/2006/12/use-of-time-delay-technique-for.html

This was unique for web app security at the timeof writing ;) (In my opinion)

http://wasjournal.blogspot.com/2006/12/csrf-protection-for-ajax-area-of-web.html

Clever: http://wasjournal.blogspot.com/2007/03/why-web-security-is-hard-to-implement.html

Humor: http://wasjournal.blogspot.com/2007/01/do-you-trust-google-humor-but-idea.html

Creative (Simple but effective) - http://forum.php-ids.org/comments.php?DiscussionID=37&page=1#Item_0

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.

Javascript LAN scanner which finds IP’s on a local area network from an external domain, the code will also probe for a router model from a database which is being expanded by the community all the time.

by Gareth Heyes

Here I present a file that will appear diferent depending on which application you open it. As plain text, it will describe how it works, as HTML (with Firefox!), it will define XSS, and as JavaScript it will pop up a simple alert(document.cookie+window.location); XSS PoC. This means that it is a valid txt file, a valid html code, and a valid javascript code.

by sirdarckcat

Hacker, Cracker, Watchman, Spy. Some old-school Valley hackers grew up to be high-tech cat burglars. Some went to work for the man. Some just never grew up.

by David Holthouse