This site features an ASP.NET MVC 4 application with the default configuration you'll get from adding a new MVC 4 project in Visual Studio. There are several things you can do to tighten the security over the default configuration, this site demonstrates why it would be a good idea to do so.

In its very first version, this site demonstrates a session fixation attack — a rather simple but powerful attack on ASP.NET applications.

The NWebsec security library helps foil session fixation attacks. To learn more see the main site www.nwebsec.com and the project website nwebsec.codeplex.com.