
Research
Working on research in web security and AI security, learning and contributing to the field through systematic vulnerability analysis and responsible disclosure practices.
Host Name Pollution
Conducting first-author research on systematic detection and large-scale measurement of host header injection vulnerabilities. Framework analysis has led to the discovery of CVE-2025-43930–43933.
Web Security Research
Working on comprehensive analysis of web application vulnerabilities including prototype pollution, DOM clobbering, and script gadgets. Contributing to automated detection and patching framework development.
AI Security & MoE
Working on adversarial vulnerabilities in Mixture-of-Experts architectures and exploring defense mechanisms for large language models. Research focuses on efficiency degradation and robustness failure analysis.
Publications in Preparation
Contributing to the academic community through research publications targeting top-tier security conferences, with ongoing work across multiple research areas.
MoEFail: Triggering Efficiency Degradation and Robustness Failures in Mixture-of-Experts Systems
ACM ASIACCS 2026 (Target)
📅 Submission Deadline: December 13, 2025
Investigating adversarial vulnerabilities in Mixture-of-Experts architectures and exploring defense mechanisms for large language models. This research contributes to understanding security concerns in modern AI systems.
CVE Discoveries
Contributing to cybersecurity through systematic vulnerability research, with 10+ CVEs discovered and multiple CVEs publicly disclosed through responsible disclosure practices.
Published CVEs
CVE-2025-43930 – CVE-2025-43933
Publicly disclosed host header injection vulnerabilities in popular web frameworks. These findings represent a subset of the 10+ CVEs identified through systematic security analysis and automated detection methodologies.
Total CVE Discoveries
10+ CVEs Discovered
Comprehensive vulnerability research across multiple web frameworks and applications. While CVE-2025-43930–43933 have been publicly disclosed, additional CVEs are currently undergoing responsible disclosure processes with relevant vendors and organizations.
Experience
Building expertise through research, internships, and academic collaborations.
Johns Hopkins University
Master of Science in Security Informatics
September 2024 - July 2026
Graduate student specializing in web security and AI security research. Conducting cutting-edge research in vulnerability discovery, host header injection analysis, and machine learning robustness with multiple top-tier conference publications in preparation.
East China Normal University
Bachelor of Science in Computer Science and Technology
September 2020 - July 2024 | Shanghai, China
Completed undergraduate studies at East China Normal University, a prestigious 985, 211, and "Double First-Class" research university in China. Focused on computer science fundamentals, software engineering, and security. Graduated as Outstanding Graduate (top 10%) with multiple academic excellence scholarships and leadership roles in student organizations.
Host Name Pollution Research
Independent Researcher | Johns Hopkins University
February 2025 - Present | Supervisor: Prof. Yinzhi Cao
First-author research on systematic detection and large-scale measurement of Host Name Pollution vulnerabilities, conducted under the guidance of Prof. Yinzhi Cao. Designed and executed comprehensive black-box and gray-box audits to uncover trust-model flaws in email, password-reset, and token-binding workflows. Developed white-box analyzers with taint tracking for Python/JavaScript/Java/PHP/Ruby/Go/Rust frameworks.
DOM Clobbering, Prototype Pollution, and Script Gadgets Research
Research Assistant | Johns Hopkins University
November 2024 - Present | Supervisor: Prof. Yinzhi Cao
Conducting large-scale vulnerability research on prototype pollution, DOM clobbering, and script gadgets in JavaScript frameworks under Prof. Yinzhi Cao's supervision. Developing an automated pipeline for gadget chain extraction and validation, with ML-based classifiers for high-impact candidate prioritization and an LLM-based automatic repair framework.
MoE Robustness Research
Summer Research Assistant | University of Texas at Dallas
Summer 2025 | Supervisor: Prof. Wei Yang
Conducted summer research with Prof. Wei Yang at the University of Texas at Dallas, gaining valuable exposure to AI security research. Investigated robustness and efficiency limitations in dynamic Mixture-of-Experts (MoE) systems under real-world input variations. Developed perturbation-based attacks to systematically expose routing imbalance and efficiency degradation, with an integrated measurement pipeline for latency, FLOPs, and expert activation analysis.
Web Security Teaching Assistant
Teaching Assistant | Johns Hopkins University
Fall 2025 - Present | Instructor: Prof. Yinzhi Cao
Honored to serve as Teaching Assistant for Prof. Yinzhi Cao's Web Security course. Assisting students with web security concepts, vulnerability analysis, and hands-on security exercises. Contributing to curriculum development and providing guidance on practical security research methodologies under Prof. Cao's mentorship.
Internship Experience
Professional experience in enterprise security development and AI/LLM security applications.
Java Full-Stack Developer
Capgemini Shanghai, China
July 2023 - February 2024
Built and maintained secure backend modules for HSBC's eCommerce and payment systems using Spring Boot and Vue.js. Implemented enterprise-grade web security controls including JWT authentication, session lifecycle hardening, CSRF defenses, and role-based access control (RBAC).
Web & LLM Security
Medivoice Baltimore, US
October 2024 - March 2025
Developed and secured an LLM-based appointment scheduling system by integrating OpenAI APIs with sensitive healthcare web services. Designed tests and protective measures to ensure LLM output consistency and block metadata injection or unauthorized API calls.
Undergraduate Research
Innovative projects and research during undergraduate studies at East China Normal University, a prestigious 985, 211, and "Double First-Class" research university in Shanghai.
BiFu: Aggregated Payment Platform
Independent Researcher | ECNU
January 2024 - June 2024 | Supervisor: Prof. Jian Jin
Designed and deployed a production-ready aggregated payment platform using Spring Boot, Spring Cloud, and Vue.js, integrating WeChat, Alipay, and UnionPay. Built a secure microservice backend with centralized authentication (OAuth2, JWT) and robust multi-tenant login for merchants and admins.
Online Debug (EOD) Platform
Team Leader | ECNU
August 2022 - September 2023 | Supervisors: Asso. Prof. Ailian Fang & Asso. Prof. Fei Xu
Launched ECNU's first online programming assistant with live Q&A, algorithm sharing, and peer code review. Designed and built the entire tech stack, including forum logic, authentication, and secure role-based access control. Selected as one of the Shanghai University Student Innovative Projects.
Xing Lian Blockchain Project
Team Leader | ECNU
August 2022 - August 2023 | Supervisors: Prof. Aimin Zhou & Kaijing Cai (CIO, East Money Information Co.)
Designed a dual-chain blockchain architecture enabling secure, decentralized data exchange between business entities. Developed a novel threshold signature-based authorization protocol, achieving a 42.1% reduction in time cost. Won the Gold Prize in the "Challenge Cup" National College Student Entrepreneurship Plan Competition.
Skills & Tools
Technical expertise and tools for cybersecurity research and development.
Web Security Research
Programming & Development
Security Tools & Frameworks
AI/ML & MoE Analysis
Automated Analysis
Research & Development
Awards & Recognition
Academic excellence, research contributions, and recognition for innovation and leadership.
Challenge Cup Gold Prize
National College Student Entrepreneurship Plan Competition
Gold Prize winner for the Xing Lian blockchain project, demonstrating exceptional innovation in dual-chain architecture and threshold signature protocols.
First Prize - Innovation Competition
Shanghai Female College Student Innovation and Entrepreneurship Competition (0.75%)
First Prize winner among top 0.75% of participants, recognizing outstanding innovation and entrepreneurship capabilities.
Outstanding Graduate
East China Normal University (10%)
Recognized as Outstanding Graduate among top 10% of students at East China Normal University, a prestigious 985, 211, and "Double First-Class" research university, acknowledging academic excellence and comprehensive achievements.
Academic Excellence Scholarships
Multiple Corporate & University Scholarships
Recipient of Academic Excellence Scholarships from Nezha Technology Co., Ltd. (2%) and People's Financial Holdings Group (1%), recognizing outstanding academic performance.
CVE Discovery Recognition
10+ CVE Assignments
Recognized for discovering and responsibly disclosing 10+ security vulnerabilities in popular web frameworks, with CVE-2025-43930–43933 publicly disclosed.
Leadership Recognition
Student Union President & Social Practice
President of School of Computer Science and Technology Students' Union, and Social Practice Outstanding Individual (0.6%), demonstrating leadership and community engagement.
Contact
Let's connect and explore opportunities for collaboration.