
I am a first-year Ph.D. student in Computer Science at Johns Hopkins University, co-advised by Prof. Yinzhi Cao and Prof. Ziyang Li. My research focuses on Web Security and AI Security, with an emphasis on leveraging program analysis techniques to detect and exploit vulnerabilities in real-world applications.
Before transitioning to the Ph.D. program, I was a Master of Science student in Security Informatics at Johns Hopkins University, where I was fortunate to be advised by Prof. Yinzhi Cao, which sparked my research interest in web security. I earned my bachelor's degree in Computer Science from East China Normal University, where I graduated as an Outstanding Graduate. I previously served as a Teaching Assistant for Web Security. In Summer 2025, I was a Research Assistant at the University of Texas at Dallas under the supervision of Prof. Wei Yang, where I gained hands-on experience in AI security research.
I am currently preparing research submissions to IEEE Symposium on Security & Privacy 2026 and USENIX Security Symposium 2026.
Publications
Poisoned by the Host: Large-Scale Measurement of Host Name Poisoning in Web Applications
IEEE Symposium on Security & Privacy 2026 — under review
First-author paper presenting the first large-scale measurement study of Host Name Poisoning vulnerabilities in real-world web applications.
SafeLookup: Automated Detection and Patching of Prototype Pollution, DOM Clobbering, and Script Gadget Vulnerabilities
USENIX Security Symposium 2026 — target submission (Feb 6, 2026)
Automated system for detecting and patching client-side JavaScript vulnerabilities, including prototype pollution, DOM clobbering, and script gadget abuse.
CVEs
Discovered and responsibly disclosed 20+ real-world vulnerabilities, resulting in multiple CVE assignments across widely used open-source projects, including Flask-based frameworks, authentication middleware, cloud-native services, and large-scale infrastructure systems.
Representative CVEs: CVE-2025-43930–43933, CVE-2025-61132–61137, CVE-2025-63760–63775.
Featured Projects
Xing Lian Technology: Blockchain Project, East China Normal University
Team Leader | Supervisor: Prof. Aimin Zhou and Kaijing Cai, the CIO of East Money Information Co., Ltd.
• Designed a dual-chain blockchain architecture enabling secure, decentralized data exchange between business entities under a dual-middle platform model (data + business middle layer).
• Developed and implemented a novel threshold signature-based authorization protocol, allowing off-chain signature aggregation and on-chain verification to significantly enhance security during identity verification.
• Provided enterprise users with efficient privacy protection services and realized a time cost reduction of 42.1%.
University Student Innovation Award in the 2nd Yangtze River Delta FinTech Global Competition
Gold Prize of "Challenge Cup" National College Student Entrepreneurship Plan Competition
Experience
Research Assistant, Johns Hopkins University (2024 Sep. - Present) | Advisor: Prof. Yinzhi Cao
Teaching Assistant, EN.601.640 - Web Security, JHU (2025 Fall) | Instructor: Prof. Yinzhi Cao
Summer Research Assistant, University of Texas at Dallas (2025 Summer) | Advisor: Prof. Wei Yang
Web & LLM Security Intern, Medivoice, Baltimore (2024 Oct. - 2025 Mar.) | Internship
Java Full-Stack Developer Intern, Capgemini, Shanghai (2023 Jul. - 2024 Feb.) | Internship
Varsity Member, Table Tennis (2024 Sep. - Present) | Sports
President, School of Computer Science and Technology Students' Union, ECNU (2022 Jun. - 2023 Jun.)
Awards and Honors
Outstanding Graduate, East China Normal University
First Prize, Shanghai Female College Student Innovation and Entrepreneurship Competition
Scholarship, Academic Excellence jointly offered by Nezha Technology Co., Ltd. & ECNU
Social Practice Outstanding Individual, East China Normal University
Scholarship, Academic Excellence jointly offered by People's Financial Holdings Group & ECNU
About Me
When I'm not hunting for vulnerabilities or buried in code, you'll probably find me at a table tennis court or sitting in front of a Go (围棋) board. I'm a 5 dan (五段) Go player, and the game has fundamentally shaped how I think. It teaches patience, long-term strategy, and how to spot patterns hidden in complexity, skills that turn out to be surprisingly useful in security research (probably).
I thrive in collaborative environments and believe the best ideas rarely come from working alone. Some of my favorite moments are brainstorming attack paths with teammates or walking through defense strategies with mentors. Those conversations often spark insights that would be hard to reach solo.
Outside of research, I love traveling and exploring new places. If you want to chat about table tennis, Go, or just share travel stories, feel free to message me on Instagram at brooke_yang_. You'll find plenty of travel photos there, probably more than I should admit.