[gregmac]

There's good and bad apps, like most platforms, and it is comparable to PHP from that perspective. Having worked extensively in both, I'd say the general problem with PHP is it's really easy for a beginner to get started, and just easy to grow a small, simple app into a large, functional-but-awful monstrosity.

ASP.NET is really just a foundation layer for a whole bunch of different web frameworks including WebAPI, MVC, RazorPages, Blazor, WCF and WebForms. I'd blame WebForms in particular for a lot of the bad apps: it basically tries to make the web act like stateful Windows Forms apps (literally with controls that have "server-side events" and maintain state across several HTTP requests). As a result, lots of Windows Forms developers could build apps without actually understanding a lot of the complexity of the web and especially its security implications.

[TriNetra]

Perfectly put. Btw, ASPSecurityKit supports MVC/web API/ASP.NET Core/ServiceStack, but not web forms!

More info here: https://aspsecuritykit.net/docs/article/introduction/#suppor...

[thrower123]

I wonder how many WebForms sites have been built new in the past decade?

Probably more than I'd think...

[abgr-y]

exactly ASP.Net is a much more mature framework right now and web forms seems to be the least preferred option to build apps