Youkun Shi is a Postdoctoral Fellow in the Department of computing at The Hong Kong Polytechnic University, working under the supervision of Prof. Daniel Xiapu Luo. He earned the Ph.D. degree in June 2024 from Fudan University, advised by Prof. Yuan Zhang and Prof. Min Yang. His research focuses on system security, especially web security. To date, he has published 5 first-author papers in top-tier conferences. His research has been adopted by leading companies such as Alibaba and Huawei, and acknowledged in security advisories from major companies such as Google, Apache, and IBM.

Moreover, Youkun Shi is the co-founder of a great CTF Team at Fudan University, named Whitzard. The team has participated in numerous prestigious world-wide CTF competitions, achieving commendable rankings.

🔥 News

• [2025.06]  🎉 Two papers accepted by USENIX Security 2025!
• [2025.05]  🎉 One talk accepted by BlackHat USA 2025!
• [2025.05]  🎉 Our vulnerability detection work on microservice-structured web apps received Distinguished Paper Award at IEEE S&P 2025!
• [2025.03]  🎉 One paper accepted by ACM CCS 2025!
• [2025.03]  🎉 Two papers accepted by IEEE S&P 2025!

📖 Background

• 2024.11 - now, Postdoc, The Hong Kong Polytechnic University, Department of Computing.
• 2019.09 - 2024.06, Ph.D, Fudan University, School of Computer Science.
• 2015.09 - 2019.06, B.Eng, China University of Mining and Technology, School of Computer Science.

📝 Publications

👍🏻 Lead Publications

1. USENIX SEC'25 XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing PDF
   Youkun Shi, Yuan Zhang, Tianhao Bai, Feng Xue, Jiarun Dai, Fengyu Liu, Lei Zhang, Xiapu Luo, Min Yang.
   In Proceedings of the 34th USENIX Security Symposium (USENIX SEC), August, 2025.
   CCF-A, Security BIG4 Conference

2. S&P'25 MOCGuard: Automatically Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications PDF
   Fengyu Liu^*, Youkun Shi^*, Yuan Zhang, Guangliang Yang, Enhao Li, Min Yang (* co-first authors).
   In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), May 2025.
   CCF-A, Security BIG4 Conference

3. WWW'24 RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications PDF
   Youkun Shi, Yuan Zhang, Tianhao Bai, Lei Zhang, Xin Tan, Min Yang.
   In Proceedings of the 33rd ACM Web Conference (WWW), May, 2024.
   CCF-A, Top Web Research Conference

4. ASE'22 Precise (Un)Affected Version Analysis for Web Vulnerabilities PDF
   Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Min Yang.
   In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), October, 2022.
   CCF-A, Top Software Engineering Conference

5. USENIX SEC'22 Backporting Security Patches of Web Applications PDF
   Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang.
   In Proceedings of the 31st USENIX Security Symposium (USENIX SEC), August, 2022.
   CCF-A, Security BIG4 Conference

🤝 Other Publications

1. USENIX SEC'25 Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents PDF
   Fengyu Liu, Yuan Zhang, Jiaqi Luo, Jiarun Dai, Tian Chen, Letian Yuan, Zhengmin Yu, Youkun Shi, Ke Li, Chengyuan Zhou, Hao Chen, Min Yang.
   In Proceedings of the 34th USENIX Security Symposium (USENIX SEC), August, 2025.
   CCF-A, Security BIG4 Conference

2. CCS'25 BACScan: Automatic Black-Box Detection of Broken-Access-Control Vulnerabilities in Web Applications PDF
   Fengyu Liu, Yuan Zhang, Enhao Li, Wei Meng, Youkun Shi, Qianheng Wang, Chenlin Wang, Zihan Lin, Min Yang.
   In Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS), October 2025.
   CCF-A, Security BIG4 Conference

3. S&P'25 Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications PDF Distinguished Paper Award
   Fengyu Liu, Yuan Zhang, Tian Chen, Youkun Shi, Guangliang Yang, Zihan Lin, Min Yang, Junyao He, Qi Li.
   In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), May 2025.
   Presented at BlackHat USA 2025 [Talk Abstract]
   CCF-A, Security BIG4 Conference

🎖 Honors and Awards

• 2024, Huawei TopMinds Program Offer
• 2024, Outstanding PhD Graduates, Shanghai (Top 5%)
• 2024, Academic Star, Fudan University (Top 30)
• 2022, National Scholarship for Ph.D. Candidates (Top 0.2%)
• 2018, National Scholarship for B.S. Candidates (Top 0.2%)
• 2017, National Scholarship for B.S. Candidates (Top 0.2%)

🏆 Skill Competitions

• 2021, 🏆 Champion, 6th XCTF International League (Final Round)
• 2021, 🏆 Champion, 2nd XiangYun Cup Cybersecurity Competition (Final Round)
• 2020, 🏆 Champion, 4th X-NUCA Cybersecurity Competition (Final Round)
• 2020, 🏆 Champion, 13th National College Student Information Security Contest (Final Round)
• 2020, 🏆 Champion, 4th Hangzhou Cybersecurity Skills Competition (Final Round)
• 2019, 🏆 Champion, 3rd X-NUCA Cybersecurity Competition (Final Round)
• 2019, 🥈 Runner-up, 5th XCTF International League (Final Round)
• 2019, 🥈 Runner-up, 1st OGeek Cup Cybersecurity Competition (Final Round)
• 2019, 🏆 Champion, 3rd Tencent RisingStar Cybersecurity Competition (Final Round)
• 2019, 🏆 Champion, 3rd Hangzhou Cybersecurity Skills Competition (Final Round)
• 2018, 🏆 Champion, 2nd Hangzhou Cybersecurity Skills Competition (Final Round)

👨‍💻 Services

Journal Reviewing

• TDSC IEEE Transactions on Dependable and Secure Computing