Further reading for the guest lecture I'm giving at Otago Polytechnic today:
The talk I'm not giving: OWASP Top 10
Tools: FireBug, TamperData, Python.
The Myspace Worm, and Samy
Kamkar's own explanation of the exploit.
Halvar Flake's Programming and state machines, which is where I first saw the term "programming the weird machine".