David Litchfield

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

David Litchfield (born 1975) is a security expert from the United Kingdom. Anne Saita, writing for Information Security magazine, called him along with his brother Mark Litchfield, "World's Best Bug Hunters" in December, 2003.[1] Also in 2003 his sister Amelia Litchfield was born.

Computer security[edit]

Litchfield has found hundreds of vulnerabilities in many popular products, among which the most outstanding discoveries in products by Microsoft, Oracle and IBM. At the Blackhat Security Briefings in July 2002 he presented some exploit code to demonstrate a buffer overflow vulnerability he had discovered in Microsoft's SQL Server 2000. Then six months later, on 25 January 2003, persons unknown used the code as the template for the SQL Slammer Worm.[2]

After several years in vulnerability research, Litchfield made a move into Oracle forensics and has documented how to perform a forensic analysis of a compromised database server in a series of white papers – Oracle Forensics Parts 1 to 6.[3] He is in the process of researching and developing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S).[4]

Business and researcher[edit]

Litchfield founded a company named Cerberus Information Security which was acquired by @stake in July 2000. A year and a half later he founded Next Generation Security Software (NGS) with three colleagues and his brother Mark and his father from @stake.

Under his leadership NGS won many top business and technical awards. These include the Queen's Award for Enterprise in 2007 awarded at Buckingham Palace by the Queen, Winner of the International Trade Award for Innovation in 2008 awarded at the House of Lords, Winner of the SC Award for Best Security Company in Europe in 2008 and Runners Up in 2007, as an individual David won the award for the Entrepreneur of South London in 2007 with many more other awards.

He is the author of various software packages, and also of many technical documents on security issues. He is the author of the Oracle Hacker's Handbook and is a co-author of the Database Hacker's Handbook, the Shellcoder's Handbook and SQL Server Security. He was also a contributing author for Special Ops.

David Litchfield is currently the Director of Information Security Assurance for Apple.


  1. ^ Saita, Anne (2003) Best Bug Hunters. Infosecuritymag.techtarget.com. Retrieved on 2 January 2014.
  2. ^ David Litchfield talks about the SQL Worm in the Washington Post. Archive.cert.uni-stuttgart.de (29 January 2003). Retrieved on 2 January 2014.
  3. ^ Oracle Forensics and Incident Response. databasesecurity.com
  4. ^ Gray, Patrick (29 May 2007) Owning database forensicsy. theage.com.au.

External links[edit]