A run around the OWASP Top Ten These projects deliberately demonstrate insecure coding and configuration practices. Nothing here should be taken as best practice. Whilst the sites are written in asp.net every framework is vulnerable to the demonstrated problems.