David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of the Oracle Hacker's Handbook, the Database Hacker's Handbook and SQL Server Security and is the co-author of the Shellcoder's Handbook. He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany.
In 2010, David was listed by CRN as a "Security Superstar" and in 2003 he was voted as the "Best Bug Hunter" by Information Security Magazine. In the same year he discovered and developed two methods to bypass the exploit prevention mechanisms built into Microsoft's Windows 2003 Server and consequently worked with Microsoft to improve them. He has found and helped to fix 24 security flaws in SQL Server, including the vulnerability that was exploited by Slammer, 17 in IBM's DB2, 22 in Informix and, somewhere in the hundreds, has lost count of the number in Oracle. In February 2008 David discovered a new class of vulnerability in Oracle that can lead to "Lateral SQL Injection" and, in the November of 2006, another new class of vulnerability in the same RDBMS that can lead to "cursor snarfing" attacks. Both are general programming flaws, that can lead to data compromise. David pioneered major advancements in Oracle forensics and has authored 7 technical papers since March 2007 on the topic.
David recently founded V3rity, a new venture, that will develop new tools for use in breach investigations. Until February 2010, David was Chief Research Scientist at NGSSoftware, a UK computer security services and software company he founded in 2001. NGSSoftware was acquired by NCC Group in November 2008. In 2007 NGSSoftware was awarded the Queen's Award for Enterprise, and was listed as one of the UK's fasted growing tech companies by both Deloitte and the Sunday Times. NGSSoftware was winner in the Best Security Company category in the 2008 European SC Magazine Awards and runner up in 2007. Previously David was Director of Research at @stake after his first company, Cerberus Information Security, was acquired in July 2000.
In May 2008, David was named the "Entrepreneur of the Year" at the South London Business Awards 2008.
Prior to starting a career in computer security David competed as a track and field athlete for Scotland. He was the Scottish Under 20 Champion for both the long jump and decathlon and is the holder of the Scottish Schools Indoor record for long jump.