Pen-testing web apps
A blog post about how someone compromised a group of web apps.
It lists a series of technologies and techniques that the author uses as they progress their investigation.
These would make a useful list of things to know in order to build safe web-apps and not repeat the mistakes of the unfortunate target company.