Legacy Web App Security and Sysinternals at TechEd North America + Europe 2012
The first session is "Sysinternals Primer: Gems", the latest in the Sysinternals Primer series (*).
In the latest edition of the popular Sysinternals Primer series, join Aaron (Mark Russinovich's co-author of The Windows Sysinternals Administrator's Reference) as he goes mining for gems. Uncover buried tips and tricks to get the most out of popular tools such as Process Explorer and Process Monitor. Discover treasures among the least-known Sysinternals utilities -- tools that you would have been using if you had only known about them sooner. The Sysinternals utilities are vital tools for any computer professional on the Windows platform. Mark Russinovich's popular "Case Of The Unexplained" demonstrates some of their capabilities in advanced troubleshooting scenarios. This complementary tutorial series focuses primarily on the utilities themselves, deep-diving into as many features as time will allow.
By the way, Mark Russinovich and I will be at the TechEd US bookstore from 11:30-noon on Wednesday and Thursday to sign copies of our book, Windows Sysinternals Administrator's Reference. Mark will also be signing copies of the brand new Windows Internals, 6th Edition, Part 1 and his novel Zero Day. We'll also have a book signing at TechEd Europe -- date/time to be announced.
The second session I'm delivering is "Defense Against the Dark Ages: Your Old Web Apps Are Trying to Kill You":
The web browser is the primary path that malware uses to get on users' computers. Web browser security (especially Windows Internet Explorer) has improved dramatically in the past few years to defend against evolving threats. However, continuing to build and maintain web apps using old practices defeats many of these improvements and leaves your users' computers more vulnerable than ever. In this session, learn why those formerly accepted (or at least tolerated) practices are surprisingly harmful and now must be updated. Learn ways to update web apps quickly so that you can adopt more secure practices without stopping your business.
For those who have been waiting for the "what do I do now" Part II to my blog post, Enabling “Initialize and script ActiveX controls not marked as safe” in ANY zone can get you hurt, bad, I will talk about and demonstrate an economical but safe solution. It may be the only time in a decade that anyone at a Microsoft conference has demonstrated how Visual Basic 6 might be your best option. (!!!)
(*) Previous Sysinternals Primer sessions are available online: