A big list of usefull Web-App-Sec Papers
SQL Injection
Wikipedia
http://en.wikipedia.org/wiki/SQL_injection
SQL Injection Attacks by Example
http://unixwiz.net/techtips/sql-injection.html
OWASP
http://www.owasp.org/index.php/SQL_injection
SQL Injection Walkthrough http://www.securiteam.com/securityreviews/5DP0N1P76E.html
SQL Injection Attacks - Are You Safe?
http://www.sitepoint.com/article/sql-injection-attacks-safe
Spidynamics- MSSQL
http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
Blind SQL Injection
http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf
NextGenss - Advanced SQL Injection
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
NextGenss - More Advanced SQL Injection
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf
SQL Server Blind SQL Injection
http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
Blind SQL Injection - Automation Techniques
http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdf
Introduction to SQL Injection Attacks for Oracle Developers" - Integrigy
http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf
Manipulating SQL Server Using SQL Injection
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf
Using binary Search with Sql injection
http://shh.thathost.com/text/binary-search-sql-injection.txt
SQL-INJECTION USING THE MySQL(and others) char() SYNTAX
http://www.websec.org/papers/charinjection.txt.html
Cross Site Scripting (XSS)
XSS Video Tutorial
http://www.virtualforge.de/vmovie/xss_lesson_1/xss_selling_platform_v1.0.html
XSS Cheat Sheet
http://ha.ckers.org/xss.html
XSS Exploit Database
http://www.gnucitizen.org/xssdb/application.htm
XSS Attacks Mirror
http://www.xssed.com/
XSS FAQ
http://www.cgisecurity.com/articles/xss-faq.shtml
Spidynamics XSS paper
http://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdf
Advanced XSS
http://www.net-security.org/dl/articles/AdvancedXSS.pdf
Realworld XSS
http://www.net-security.org/dl/articles/XSS-Paper.txt
Wikipedia XSS
http://en.wikipedia.org/wiki/Cross-site_scripting
OWASP XSS
http://www.owasp.org/index.php/XSS
OWASP XSS Testing
http://www.owasp.org/index.php/Testing_for_Cross_site_scripting
OWASP Reviewing Code for Cross-site scripting
http://www.owasp.org/index.php/Reviewing_Code_for_Cross-site_scripting
Cross Site Request Forgery
TOO MANY LINKS TOO MANY
TOO MANY LINKS
TOO MANY TAGS
WHAT LANGUAGE??