| Milton Smith | |
|---|---|
| Other names | @spoofzu |
| Citizenship | American |
| Known for | Computer security |
| Scientific career | |
| Fields | Computer security |
| Institutions | Oracle, Yahoo |
Milton Smith is an American computer security application developer, researcher, and writer. Smith is best known for his role leading Java platform security at Oracle during a period of high-profile security incidents in the fall of 2012. Because of the climate around Java security, in 2013 Smith was invited by Black Hat leadership to present [1] in a closed session, under non-disclosure agreement, to top industry leaders. In the same year Smith established the first ever [2] full security track at a software developers conference, JavaOne, Oracle's premier conference for Java software developers in San Francisco, California (USA).
Smith continues as a principal security analyst at Oracle, working strategically across company business units. Smith is an active collaborator in industry, developing open source security tools for researchers as well as participating in and organizing security conference events. [3] [4] During this period Smith was Chief Technical Editor on an application security book project [5] with colleagues.
Prior to joining Oracle around June 2011, Smith led security for the User Data Analytics (UDA) business unit at Yahoo and developed innovative security controls to secure Yahoo's clickstream revenues. Smith also led Yahoo's Enterprise Security Triage Program for monitoring enterprise vulnerabilities and tracking remediation activities.
OWASP is one of the largest non-profit organizations of security practitioners in the world. On March 12, 2015 Smith released DeepViolet, a TLS/SSL scanning API that researchers use to add TLS/SSL scanning to their own projects. Today DeepViolet is an OWASP Incubator project. Smith is also a leader on the OWASP Security Logging API Project, an open source project that extends important security features to applications using popular logging platforms such as log4j and logback.
Java is a high-level, class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible. It is a general-purpose programming language intended to let programmers write once, run anywhere (WORA), meaning that compiled Java code can run on all platforms that support Java without the need to recompile. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of the underlying computer architecture. The syntax of Java is similar to C and C++, but has fewer low-level facilities than either of them. The Java runtime provides dynamic capabilities that are typically not available in traditional compiled languages.
Oracle Corporation is an American multinational computer technology company headquartered in Austin, Texas. Co-founded in 1977 by Larry Ellison, who remains executive chairman, Oracle ranked as the third-largest software company in the world by revenue and market capitalization as of 2020, and the company's seat in Forbes Global 2000 was 80 in 2023.
Jakarta EE, formerly Java Platform, Enterprise Edition and Java 2 Platform, Enterprise Edition (J2EE), is a set of specifications, extending Java SE with specifications for enterprise features such as distributed computing and web services. Jakarta EE applications are run on reference runtimes, which can be microservices or application servers, which handle transactions, security, scalability, concurrency and management of the components they are deploying.
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.
OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.
The Open Web Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
In computing, the Java Secure Socket Extension (JSSE) is a Java API and a provider implementation named SunJSSE that enable secure Internet communications in the Java Runtime Environment. It implements a Java technology version of the Secure Sockets Layer (SSL) and the Transport Layer Security (TLS) protocols. It includes functionality for data encryption, server authentication, message integrity, and optional client-authentication.
Web server software allows computers to act as web servers. The first web servers supported only static files, such as HTML, but now they commonly allow embedding of server side applications.
Java is a set of computer software and specifications that provides a software platform for developing application software and deploying it in a cross-platform computing environment. Java is used in a wide variety of computing platforms from embedded devices and mobile phones to enterprise servers and supercomputers. Java applets, which are less common than standalone Java applications, were commonly run in secure, sandboxed environments to provide many features of native applications through being embedded in HTML pages.
Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.
ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP Server, Microsoft IIS and Nginx. It is free software released under the Apache license 2.0.
Inductive Automation is a supplier of web-based industrial automation software based in Folsom, California, US. The Ignition SCADA platform is the company's main product line.
AppScale is a software company that offers cloud infrastructure software and services to enterprises, government agencies, contractors, and third-party service providers. The company commercially supports one software product, AppScale ATS, a managed hybrid cloud infrastructure software platform that emulates the core AWS APIs. In 2019, the company ended commercial support for its open-source serverless computing platform AppScale GTS, but AppScale GTS source code remains freely available to the open-source community.
An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build such a connection or interface is called an API specification. A computer system that meets this standard is said to implement or expose an API. The term API may refer either to the specification or to the implementation.
The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.
Ignition is an integrated software platform for SCADA systems released by Inductive Automation in January 2010. It is based on a SQL database-centric architecture. Ignition features cross-platform, web-based deployment through its integrated web server platform Perspective, and also dedicated client software using a Java Swing client called Vision. The Ignition platform has three main components: the Ignition Gateway, the Designer, and the runtime clients. Independent modules provide separate functionality in any or all of the platform components. Ignition SCADA modules provide features such as real-time status control, alarming, reporting, databases, data acquisition, scripting, scheduling, MES, and mobile support.
ZAP is a dynamic application security testing tool published under the Apache License. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including HTTPS encrypted traffic. It can also run in a daemon mode which is then controlled via a REST-based API.
Serverless computing is a cloud service category in which the customer can use different cloud capability types without having to provision, deploy and manage either hardware or software resources, other than providing customer application code or customer data. "Serverless computing represents a form of virtualized computing," according to ISO/IEC 22123-2. Function as a Service (FaaS) and serverless databases are examples of serverless computing. However, serverless computing is considered to be broader than these components. Sheen Brisals suggests that serverless technology should be viewed as an ecosystem that includes the cloud provider, FaaS, managed services, as well as tools, frameworks, engineers, stakeholders, and other interconnected elements.
Differential testing, also known as differential fuzzing, is a software testing technique that detects bugs by providing the same input to a series of similar applications and observing differences in their execution. Differential testing complements traditional software testing because it is well suited to finding semantic or logic bugs that do not exhibit explicit erroneous behaviors such as crashes or assertion failures. Differential testing is also called back-to-back testing.