Security researcher

David Litchfield

British security expert (born 1975)

Life: 1975 – present
Born: 1975

David Litchfield is a British security expert and the Director of Information Security Assurance for Apple. In December 2003, Anne Saita, writing for Information Security magazine, called him and his brother Mark Litchfield the "World's Best Bug Hunters".

Early Career and Cerberus Information Security

David Litchfield is a British security researcher born in 1975 who established himself early as one of the most prolific vulnerability hunters in the industry. He founded Cerberus Information Security, which was acquired by @stake in July 2000. Following that acquisition, he went on to co-found Next Generation Security Software (NGS) approximately a year and a half later, alongside three colleagues, his brother Mark Litchfield, and his father.

Vulnerability Research

Litchfield has discovered hundreds of vulnerabilities across widely deployed software products, with particularly notable findings in products from Microsoft, Oracle, and IBM. At the Black Hat Security Briefings in July 2002, he presented exploit code demonstrating a buffer overflow vulnerability he had identified in Microsoft SQL Server 2000. Six months later, on January 25, 2003, unknown parties used that code as the basis for the SQL Slammer worm, one of the fastest-spreading pieces of malware recorded at the time.

Following several years focused on broad vulnerability research, Litchfield shifted his attention toward Oracle forensics. He documented methodologies for performing forensic analysis of compromised database servers in a series of white papers titled Oracle Forensics Parts 1 to 6. He also undertook research and development of an open-source tool called the Forensic Examiner's Database Scalpel (F.E.D.S.).

Published Works

Litchfield is the sole author of the Oracle Hacker's Handbook and a co-author of several other widely referenced security texts, including the Database Hacker's Handbook, the Shellcoder's Handbook, and SQL Server Security. He also contributed to Special Ops. Beyond books, he has authored numerous technical white papers and software packages addressing security topics.

Recognition and Awards

In December 2003, Anne Saita, writing for Information Security magazine, named David Litchfield and his brother Mark Litchfield the "World's Best Bug Hunters." Under his leadership, NGS Software earned a range of business and technical honors. These include the Queen's Award for Enterprise in 2007, presented at Buckingham Palace, the International Trade Award for Innovation in 2008 awarded at the House of Lords, and the SC Award for Best Security Company in Europe in 2008, with a runner-up finish in 2007. Individually, Litchfield received the Entrepreneur of South London award in 2007.

Later Career

Litchfield currently serves as Director of Information Security Assurance at Apple, bringing his extensive background in vulnerability research and database security to one of the world's largest technology companies.
