Just watched a great video by Mike Andrews called "How To Break Web Software - A look at security vulnerabilities in web software".
Mike talks about cross-site scripting (XSS), session hijacking, HTTP response splitting and other things. He shows how easy it is to construct such attacks and how you can prevent them.
Check it out for yourself here.