One can hit expensive URLs like Download URLs or exploit an expensive WCF service to cause high CPU usage and bring down the service.One can open too many parallel connections and stop IIS from accepting more connections.
Check listed tool/vendor sites for latest product capabilities, supported platforms/servers/clients, etc; new listings are periodically added to the top of each category section; date of latest update is shown at bottom of this page.
Also see Web Site Testing FAQ in the FAQ Part 2 for a discussion of web site testing considerations; also see What's the best way to choose a test automation tool?
They need proper Web Application Firewall (WAF), which can inspect exactly what is being done on the application and block malicious transactions, specific to the application being protected.
Nginx (engine x) is such an application that can offer many types of defence for ASP.
Therefore the file needs to first be uploaded to the server and then validated by some custom implementation of such functionality.