1. jqac – Is jQuery plugin for autocomplete. jqac is very easy to implement and has a scrollable suggests list. It also allows for multiple suggests support and is tested in all major browsers.
2. AutoComplete (for Prototype) – This is a script built for the prototype framework and it allows multiple column support. It also is a very nice style built with it.
3. YUI Autocomplete – This script is built with the Yahoo! UI Library. The AutoComplete features navigation of the suggestion box via up/down arrow keys. It is very easy to configure with the Yahoo! UI Library.
4. AJAX autocomplete – Is built with Easy Ajax framework by Jim Roos. It features the the up and down navigation and is fairly easy to implement.
5. Another AutoComplete (prototype) - This prototype framework autocomplete also uses scriptaculous. It has a nice fade in effect when the suggest box appears. It is easy to implement and works with XML data.
6. AutoComplete (mootools) - A MooTools Autocomplete widget that creates a unobtrusive and customizable suggestion box from variable data sources. It also has nice fade in effect.
7. dhtmlxCombo – Is a different from the rest of these. dhtmlxCombo can be used in four modes: an editable select box, a read-only select box, a filter drop down box, and an autocomplete. It also allows for you to add icons to your drop down boxes.
8. AutoSuggest – This AutoSuggest script uses no frameworks. The script allows you to navigate either with the up or down arrows or just click. The script size is under 10k, it even has a fade in effect, and a great 2.0 style.
9. Spry Auto Suggest – This Auto Suggest script is written with Adobe’s spry framework. It has works with all sorts of data formats and languages. It supports keyboard navigation and also allows for multiple suggestions.
10. ASP.Net AutoComplete – This script allows you to add AutoComplete to ASP.Net without using a webservice. This is a great way to add Autocomplete feature to ASP.net

If you would like to add more to this list then please comment below.

ActionScript

• ActionScript Cheat Sheet – Covers everything from ActionScript 2.0 to ActionScript 3.0 and Even Adobe AIR.

Ajax/JavaScript Frameworks

• Prototype Cheat Sheet – Detailed methods and properties of each of the modules within the Prototype JavaScript library.
• Scriptaculous Cheat Sheet – List of the Effects.
• MooTools Cheat Sheet – Details of the MooTools Library.
• jQuery Cheat Sheet – Details of the jQuery Library version 1.2.x.
• YUI Cheat Sheet – This cheat sheet is straight from Yahoo and the download link is at the bottom of the page or you can download the zip file here.

ASP

• ASP/VBScript Cheat Sheet – Everything you want or need to know about ASP and VBScript.

CSS

• CSS level 1 – Includes Fonts, Backgrounds, Text, Box, and Units
• CSS level 2 – Includes Box Model, Print, Fonts, Visual Effects, Pseudo Classes and Elements.
• CSS 2 Quick Reference Guide – Shows you examples on how to use a wide variety of classes
• CSS Cheat Sheet – Lists all selectors (as of CSS 2.1) and properties.
• CSS Property Index – Lists all CSS Properties Alphabetically
• CSS Shorthand Guide – A fairly detailed guide of CSS Shorthand properties

C# and VB.NET

• C# and VB.NET Comparison Cheat Sheet – Cheat sheet that highlights some key syntactical differences between C# and VB.NET.
• C# Basic Reference Sheet – A Brief Cheat sheet to give you the basics of C#.
• VB.NET Basic Reference Sheet – A Brief Cheat sheet to give you the basics of VB.NET.

C++

• C++ Cheat Sheet – This Cheat Sheet shows a list of C++ Containers
• C++ Quick Reference Sheet – Is a Basic Cheat Sheet that doesn’t go that in depth.

JavaScript

• JavaScript Cheat Sheet – The JavaScript cheat sheet is designed to act as a reminder and reference sheet, listing methods and functions of JavaScript.
• JavaScript Quick Reference – Consists of the JavaScript and Browser Objects Quick Reference.
• Regular Expressions for JavaSript – Excerpts of the VisiBone JavaScript references

SQL

• SQL Cheat Sheet – A very Basic SQL Cheat sheet but gives you all the necessary data.
• SQL Server Cheat Sheet – Cheat Sheet to Microsoft’s SQL Server.
• MySQL Cheat Sheet – A quick reference guide for MySQL, including functions (both in MySQL and PHP), data types, and sample queries.

PHP

• PHP Cheat Sheet – This is an in depth cheat sheet for PHP.
• PHP Reference Sheet – This Sheet gives you basic functions for PHP but useful.

If you have any more to add to this list than please comment below. Also if you would like other languages added please comment below

Below you’ll find a list of the sites I’ve visited to learn more about Javascript and AJAX security. Please let me know through email or a comment if you know of any other great security resources, and I’ll be glad to post them. Most of the descriptions below are taken from the developers of the example. Thanks, Max.

AJAX Security Articles

Ajax Security: Stronger than Dirt?
“Ajax allows the development of more feature rich, asynchronous applications, but in doing so opens up new possibilities for attackers. We look at the relevant security issues and their possible solutions. Ajax (Asynchronous JavaScript and XML) lurched into being in 2005. As a web services model, Ajax is touted as the next big thing by many who work in web development. Like all big things however, Ajax is not without its faults, one of the most pronounced being that not many people actually know what Ajax is, and what potential risks could be introduced into enterprise environments by embracing it. This article examines what Ajax is, the security implications for Ajax applications, and details a range of potential attack vectors against this technology together with possible defences.”

Developers Warned to Secure AJAX Design
“Security firm Fortify Software has stepped forward to warn Web site developers that most frameworks for deploying interactive functionality use JavaScript in a way that could lead to their applications leaking user data. The problem, dubbed JavaScript hijacking by the firm, occurs because popular asynchronous JavaScript and XML (AJAX) toolkits use the scripting language as a transport mechanism without due consideration to security. The basic threat is that malicious Web sites could use cross-site request forgery (XSRF) to steal data from other AJAX-enabled Web applications, Fortify stated in a report released on Monday.”

JSON is Not As Safe As People Think It Is
“I saw some discussion recently about using JSON for secured data, and I’m not sure that everyone understands the risks. I believe that JSON is unsafe for anything but public data unless you are using unpredictable URLs. There are 2 problems. CSRF (Cross Site Request Fogery) allows attackers to bypass cookie based authentication. I blogged about it a while ago. Wikipedia talks about it. CSRF allows you to invoke cookie protected actions on a remote server. It allows Mr. Evil to trick Mrs. Innocent into transferring money from her bank account into his. Far less known perhaps, is the JSON/Array hack that allows a user to steal JSON data on Mozilla and any other platform with a modern JavaScript interpreter.”

Myth-Busting AJAX (In)security
“The hype surrounding AJAX and security risks is hard to miss. Supposedly, this hot new technology responsible for compelling web-based applications like Gmail and Google Maps harbors a dark secret that opens the door to malicious hackers. Not exactly true. Even the most experienced website developers and security experts have a difficult time cutting through the buzzword banter to find the facts. And, the fact is most websites are insecure, but AJAX is not the culprit. Although AJAX does not make websites any less secure, it’s important to understand what does.”

New chapter and verse on Ajax Security
“The increased use of Ajax has brought to the forefront concern about its security. Recognizing that this is an issue, the Open Web Application Security Project (OWASP) is updating its Guide to Building Secure Web Applications to include a separate chapter on Ajax. Andrew van der Stock, who is heading the Guide project and who also wrote the Ajax chapter, spoke with SearchAppSecurity.com recently about Ajax security and what risks developers need to be concerned about.”

The Cross Site Scripting (XSS) FAQ
“Websites today are more complex than ever, containing a lot of dynamic content making the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that static websites don’t, called “Cross Site Scripting” (or XSS dubbed by other security professionals). Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.”

Top 10 Ajax Security Holes and Driving Factors
“One of the central ingredients of Web 2.0 applications is Ajax encompassed by JavaScripts. This phase of evolution has transformed the Web into a superplatform. Not surprisingly, this transformation has also given rise to a new breed of worms and viruses such as Yamanner, Samy and Spaceflash. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the last few months. These vulnerabilities can be leveraged by attackers to perform Phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation.”

AJAX Security Tools

AJAX Secure Service Layer
“We see it all around us, recently. Web applications get niftier by the day by utilising the various new techniques recently introduced in a few web-browsers, like I.E. and Firefox. One of those new techniques involves using Javascript. More specifically, the XmlHttpRequest-class, or object.”

AJAX: Is Your Application Secure Enough?
“aSSL is a library distributed under MIT License thats implements a technology similar to SSL without HTTPS. aSSL enables the client to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once the connection has been established, the data will be sent and received using AES algorithm. aSSL is composed of some Javascript files and a server side component. Because I have recently changed the negotiation algoritm from RC4 to RSA, only a pure Javascript (ASP) server component is currently available. I will do a porting for the main web languages (PHP, Java, Perl, Python, TKL, etc.) as soon as possible once the library has passed the beta phase.”

How to Protect a JSON or Javascript Service
“There have been lots of explanations recently of the dangers of JSON or JavaScript remoting. This post is about what you can do to protect your scripts.”

DOM Security

DOM Based Cross Site Scripting or XSS of the Third Kind
“We all know what Cross Site Scripting (XSS) is, right? It’s that vulnerability wherein one sends malicious data (typically HTML stuff with Javascript code in it) that is echoed back later by the application in an HTML context of some sort, and the Javascript code gets executed. Well, wrong. There’s a kind of XSS which does not match this description, at least not in some fundamental properties. The XSS attacks described above are either “non-persistent”/”reflected” (i.e. the malicious data is embedded in the page that is returned to the browser immediately following the request) or “persistent”/”stored” (in which case the malicious data is returned at some later time). But there’s also a third kind of XSS attacks – the ones that do not rely on sending the malicious data to the server in the first place! While this seems almost contradictory to the definition or to common sense, there are, in fact, two well described examples for such attacks. This technical note discusses the third kind of XSS, dubbed “DOM Based XSS”. No claim is made to novelty in the attacks themselves, of course, but rather, the innovation in this write-up is about noticing that these belong to a different flavor, and that flavor is interesting and important.”

General Client-Side Component Security

Hacking Web 2.0 Applications with Firefox
“AJAX and interactive web services form the backbone of “web 2.0″ applications. This technological transformation brings about new challenges for security professionals. This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins.”

Prepare for Attack!–Making Your Web Applications More Secure
“Arm yourself and prepare for battle! This post is intended as a reminder about the possible security attacks your Web application may be vulnerable to. While it is not meant as a comprehensive guide to Web-application security, it can give you some ideas on how to better protect your applications.”

XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack
“Cross site scripting (XSS) errors are generally considered nothing more than a nuisance — most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to “shell” access to the web server.”

Vulnerability Scanning Web 2.0 Client-Side Components
“Web 2.0 applications are a combination of several technologies such as Asynchronous JavaScript and XML (AJAX), Flash, JavaScript Object Notation (JSON), Simple Object Access Protocol (SOAP), Representational State Transfer (REST). All these technologies, along with cross-domain information access, contribute to the complexity of the application. We are seeing a shift towards empowerment of an end-user’s browser by loading libraries.”

Javascript Security Articles

Community Creators, Secure Your Code!
“Personalization is a great feature–it allows users to make their personal pages come to life by adding colors, pictures, and even sound–but as with any user input, it is a security threat if not properly sanitized. The creation of a secure online community is a balancing act: your users should be able to personalize their pages using pseudo code or actual HTML, while remaining protected from vandals who might inject malicious JavaScript or otherwise cause harm. One piece of the larger security puzzle is cross-site scripting (XSS). In part one of this two-article series, we will look at various XSS techniques you should be aware of, and at common methods of defending your community against them. In part two, we’ll use real-world examples to explore these techniques in greater detail.”

Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
“Imagine visiting a blog on a social site or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours. This scenario is no longer one of fiction. ”

Javascript Security Tools

Javascript Security Tutorial
“JavaScript has its own security model, but this is not designed to protect the Web site owner or the data passed between the browser and the server. The security model is designed to protect the user from malicious Web sites, and as a result, it enforces strict limits on what the page author is allowed to do. They may have control over their own page inside the browser, but that is where their abilities end.”

Security for GWT Applications
“It is a sad truth that JavaScript applications are easily left vulnerable to several types of security exploits, if developers are unwary. Because the Google Web Toolkit (GWT) produces JavaScript code, we GWT developers are no less vulnerable to JavaScript attacks than anyone else. However, because the goal of GWT is to allow developers to focus on their users’ needs instead of JavaScript and browser quirks, it’s easy to let our guards down. To make sure that GWT developers have a strong appreciation of the risks, we’ve put together this article..”

Preventing Cross Site Scripting Attacks
“Cross site scripting (XSS) is basically using JavaScript to execute JavaScript from an unwanted domain in a page. Such scripts could expose any data in a page that is accessible by JavaScript including, cookies, form data, or content to a 3rd party. Here is how you can prevent your web pages from being exploited on both the client and the server. This is followed with tips on how to avoid vulnerable sites.”

Javascript Encryption

Cryptography: JavaScript MD5
“Over the web, JS cryptography can only protect against passive eavesdropping, as the JavaScript itself is downloaded over an insecure link. If an attacker can modify network traffic, they can make malicious changes to the JavaScript code. In any case, JS interpreters are not designed for secure programming. They may leave sensitive information lying about in memory. They’re too slow for some algorithms, e.g. BSD-style MD5 passwords, or RSA with full-size keys. Bitwise operations are buggy in several implementations.”

JavaScript Encryption Program
“This page includes an open source JavaScript implementation of the RC4, AES, Serpent, Twofish, Caesar and RSA ciphers. Ciphers can encrypt and decrypt information such that persons who do not know the password (the decryption key) can not read it. The implemented ciphers are strong enough to protect important information such as your passwords and PIN numbers. “