Some additional vulnerability spotted:
Site is also more vulnerable to Ddos attacks, because we see: Operation is not valid due to the current state of the object.
(for this see the info from the asafaweb scan results - -http://beng.liuti.cn/ (POST 1,001 params) (exeeded total params).
This error occurs when form fields are very large in numbers.
By default, the maximum value of MaxHttpCollection is 1000.
Can be remedied by <appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="2001" />
</appSettings>
Info Credits go to CodeProject's Sarvesh Kumar Gupta,
polonus