ASP.NET MVC - Think Before You Bind
I don't know about most of you out there, but I know that I am extremely excited about the impending release of ASP.NET MVC. I'm even more curious though about what kind of adoption we are going to start seeing out of the gate, especially being that companies have invested so much money in developers learning ASP.NET Web Forms. There is one thing that could stand in the way of adoption, and that is horror stories coming from early adopters about security issues or flaws in production web applications that were overlooked because developers didn't have to think as much about these kinds of issues in ASP.NET Web Forms.
Most of these issues revolve around escaping output that is going into the HTML and dealing with post data manually. Something that I have been looking at recently is the model binding abilities that ASP.NET MVC provides us. In case you aren't familiar with what I am talking about, it is now possible to tell ASP.NET to bind a class on an action method using a default model binder.