Speakers: Nahuel D Sanchez and Sergio Abraham
Distributed Object or Remote Method Invocation (RMI) frameworks facilitate the remote invocation of methods and creation of objects between systems. Conceptually RMI frameworks are similar to Remote Procedure Call (RPC) platforms. A main difference is that in RMI the client and the server work with the entire object lifecycle (i.e. creation, destruction) whereas RPC is typically limited to remote methods or procedures.
RMI frameworks are interesting because they provide a remote method for object manipulation. Even though Web Services have taken the lead as the de-facto technology for communication in distributed applications, RMI frameworks are still widely used in many applications. Almost every programming language has support for one or, usually, more RMI frameworks. The proliferation of this technology made RMI interfaces very common among all sorts of software, especially across Enterprise Applications, and constitute a fruitful vector from an attacker's point of view.