Security Assessing Java RMI

This is the video of the presentation titled "Security Assessing Java RMI" given by  Adam Boulton at AppSec 2008.

Talk Description: The talk will describe the process for performing a security assessment on Java RMI services, including identifying and making unauthorised calls to the service. There are currently no available tools to perform object and method identification. The techniques described in this talk will be used together with an innovative prototype for an RMI assessment tool to demonstrate how an RMI service can be interrogated and manipulated from a zero knowledge perspective.

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net