Sunday, April 12, 2009

Security Assessing Java RMI

The talk will describe the process for performing a security assessment on Java RMI services, including identifying and making unauthorised calls to the service. There are currently no available tools to perform object and method identification. The techniques described in this talk will be used together with an innovative prototype for an RMI assessment tool to demonstrate how an RMI service can be interrogated and manipulated from a zero knowledge perspective.

OWASP Presentation Slides


Adam Boulton is a Security Researcher for Research In Motion. He graduated from Sheffield Hallam University with a 1st Class BSc (Hons) Software Engineering Degree and is a certified secure code analyst. Adam’s past roles have included that of a Senior Security Consultant and Research Developer for Corsaire, a Software Engineer for the Ministry of Defence and a Virus Analyst for Sophos Plc. At all positions he was heavily involved in Vulnerability Assessments, Software Development, Reverse Engineering and implementing security.


Unfortunately Adam will no longer be releasing the RMI Assessment tools outlined in his OWASP Slides. He recently left Corsaire to joint Research In Motion (Blackberry). The research and tools are Corsaire's intellectual property.

Also, check out the Goggle video of Adam's OWASP Presentation....

No comments:

Post a Comment