Milton Smith

Other names: @spoofzu
Citizenship: American
Known for: Computer security
Scientific career
Fields: Computer security
Institutions: Oracle, Yahoo

Milton Smith is an American computer security application developer, researcher, and writer. Smith is best known for leading Java platform security at Oracle during a period of high-profile security incidents in the fall of 2012. Because of the climate around Java security, in 2013 Black Hat leadership invited Smith to present,[1] in a closed session under a non-disclosure agreement, to top industry leaders. In the same year Smith established the first ever[2] full security track at a software developers' conference, JavaOne, Oracle's premier conference for Java developers, in San Francisco, California (USA).

Organizations

Oracle

Smith continues as a principal security analyst at Oracle, working strategically across the company's business units. He is an active collaborator in the industry, developing open source security tools for researchers and participating in and organizing security conference events.[3][4] During this period Smith was Chief Technical Editor on an application security book project[5] with colleagues.

Yahoo

Before joining Oracle around June 2011, Smith led security for the User Data Analytics (UDA) business unit at Yahoo and developed innovative security controls to protect Yahoo's click-stream revenues. Smith also led Yahoo's Enterprise Security Triage Program, which monitored enterprise vulnerabilities and tracked remediation activities.

Open Web Application Security Project (OWASP)

OWASP is one of the largest non-profit organizations of security practitioners in the world. On March 12, 2015, Smith developed DeepViolet, a TLS/SSL scanning API that researchers use to add TLS/SSL scanning to their own projects. Today DeepViolet is an OWASP Incubator project. Smith is also a leader of the OWASP Security Logging API Project, an open source project that extends important security features to applications using popular logging platforms such as log4j and logback.

Citations, publications, and articles

  1. "ORACLE: ON JAVA SECURITY". www.blackhat.com. Retrieved January 17, 2017.
  2. "JavaOne 2014 USA, Security Track Amazeballs! – securitycurmudgeon.com". www.securitycurmudgeon.com. Retrieved November 12, 2016.
  3. "About the Sessions « All Day DevOps". www.alldaydevops.com. Retrieved November 12, 2016.
  4. "AppSecUSA 2015 Contact the Organizers". appsecusa.org.
  5. Manico, Jim; Detlefsen, August (September 9, 2014). Iron-Clad Java: Building Secure Web Applications (1st ed.). McGraw-Hill Education. ISBN 9780071835886.
