I am a first-year Ph.D. student in Computer Science at Johns Hopkins University, co-advised by Prof. Yinzhi Cao and Prof. Ziyang Li. My research focuses on Web Security and AI Security, with an emphasis on leveraging program analysis techniques to detect and exploit vulnerabilities in real-world applications.
Before transitioning to the Ph.D. program, I was a Master of Science student in Security Informatics at Johns Hopkins University, where I was fortunate to be advised by Prof. Yinzhi Cao, which sparked my research interest in web security. I earned my bachelor's degree in Computer Science from East China Normal University, where I graduated as an Outstanding Graduate. I previously served as a Teaching Assistant for Web Security. In Summer 2025, I was a Research Assistant at the University of Texas at Dallas under the supervision of Prof. Wei Yang, where I gained hands-on experience in AI security research.
Publications
Poisoned by the Host: Large-Scale Measurement of Host Name Poisoning in Web Applications
To appear in IEEE Symposium on Security and Privacy (S&P Oakland), 2026 · Paper
First-author paper presenting the first large-scale measurement study of Host Name Poisoning vulnerabilities in real-world web applications.
SafeLookup: Automated Detection and Patching of Prototype Pollution, DOM Clobbering, and Script Gadget Vulnerabilities
In preparation, target: ACM CCS 2026
Automated system for detecting and patching client-side JavaScript vulnerabilities, including prototype pollution, DOM clobbering, and script gadget abuse.
Amazon Nova AI Challenge, Trusted Software Agents Track
Ongoing, results and technical details under program confidentiality
CVEs
Discovered and responsibly disclosed 50+ real-world vulnerabilities, resulting in multiple CVE assignments across widely used open-source projects, including Flask-based frameworks, authentication middleware, cloud-native services, and large-scale infrastructure systems.
Representative CVEs: CVE-2025-43930–43933, CVE-2025-61132–61137, CVE-2025-63760–63775, CVE-2025-65455–65461, CVE-2025-69877–69892.
Signature Undergraduate Research
Xing Lian Technology: Block-chain Project, East China Normal University
Team Leader (Aug. 2022 - Aug. 2023) | Supervisor: Prof. Aimin Zhou and Kaijing Cai, CIO of EMI
• Designed a dual-chain blockchain architecture enabling secure, decentralized data exchange between business entities under a dual-middle platform model (data + business middle layer).
• Developed and implemented a novel threshold signature-based authorization protocol, allowing off-chain signature aggregation and on-chain verification to enhance privacy and security during identity verification.
• Provided enterprise users with efficient privacy protection services and realized a time cost reduction of 42.1%.
Won the University Student Innovation Award in the 2nd Yangtze River Delta FinTech Global Competition and the Gold Prize of "Challenge Cup" National College Student Entrepreneurship Plan Competition.
Experience
Research Assistant, Johns Hopkins University (2024 Sep. - Present) | Advisor: Prof. Yinzhi Cao
Teaching Assistant, EN.601.640 - Web Security, JHU (2025 Fall) | Instructor: Prof. Yinzhi Cao
Summer Research Assistant, University of Texas at Dallas (2025 Summer) | Advisor: Prof. Wei Yang
Web & LLM Security Intern, Medivoice, Baltimore (2024 Oct. - 2025 Mar.) | Internship
Java Full-Stack Developer Intern, Capgemini, Shanghai (2023 Jul. - 2024 Feb.) | Internship
Varsity Member, Table Tennis (2024 Sep. - Present) | Sports
President, School of Computer Science and Technology Students' Union, ECNU (2022 Jun. - 2023 Jun.)
Student Cadre & Class Monitor, Class of 2024 #1, ECNU (2020 Sep. - 2024 Sep.)
Talks
WiCyS Alumni Cybersecurity Panel
Panelist, academia track · Johns Hopkins WiCyS · April 17, 2026
Link · Slides · Video (coming soon)
Professional Services
External Reviewer
- IEEE Symposium on Security and Privacy (S&P '26)
- USENIX Security Symposium (USENIX '26)
- The ACM Conference on Computer and Communications Security (CCS '26)
Awards and Honors
Outstanding Graduate, East China Normal University (Top 10%) (Jun. 2024)
First Prize, Shanghai Female College Student Innovation and Entrepreneurship Competition (Top 0.75%) (Jan. 2023)
Scholarship, Academic Excellence jointly offered by Nezha Technology Co., Ltd. & ECNU (Top 2%) (Dec. 2022)
Social Practice Outstanding Individual, East China Normal University (Top 0.6%) (Apr. 2022)
Scholarship, Academic Excellence jointly offered by People's Financial Holdings Group & ECNU (Top 1%) (Oct. 2021)
About Me
When I'm not hunting for vulnerabilities or buried in code, you'll probably find me at a table tennis court or sitting in front of a Go (围棋) board. I'm a 5 dan (五段) Go player, and the game has fundamentally shaped how I think. It teaches patience, long-term strategy, and how to spot patterns hidden in complexity, skills that turn out to be surprisingly useful in security research (probably).
I thrive in collaborative environments and believe the best ideas rarely come from working alone. Some of my favorite moments are brainstorming attack paths with teammates or walking through defense strategies with mentors. Those conversations often spark insights that would be hard to reach solo.
Outside of research, I love traveling and exploring new places. If you want to chat about table tennis, Go, or just share travel stories, feel free to message me on Instagram at brooke_yang_. You'll find plenty of travel photos there, probably more than I should admit.