Today I found a really nice web application security presentation by Joe Walker. Honestly, almost none of it is common sense, and I would therefore encourage all web developers to check this out. Also on the same page as the presentation are a number of very good AJAX security links, like the XSS (Cross-Site Scripting) cheat sheet.
BTW, this type of stuff is touched on in the Brainbench AJAX exam.