A blog post about how someone compromised a group of web apps.

It lists a series of technologies and techniques that the author uses as they progress their investigation.

These would make a useful list of things to know in order to build safe web-apps and not repeat the mistakes of the unfortunate target company.