Zidong (Zander) Zhang


PhD Student and Security Researcher

Simon Fraser University

Research Interests

- Mini Apps / Super Apps Security
- AI-Empowered Apps Security
- Web Security
- Web Privacy Merit
- Static Application Security Testing (SAST)
- IoT Security (BLE)

Biography

I am a PhD student in the School of Computing Science at Simon Fraser University, supervised by Prof. Jianliang Wu.

Before joining SFU, I received my M.Sc. degree from Shandong University, supervised by Prof. Wenrui Diao. I also interned at QI-ANXIN Research Institute, where I worked closely with Dr. Qinsheng Hou, Dr. Yacong Gu, and Dr. Lingyun Ying.

My research focuses on uncovering real-world security vulnerabilities in web and mobile ecosystems.

Selected Publications


(# Co-first author; * Corresponding author)

Hey, Your Secrets Leaked! Detecting and Characterizing Secret Leakage in the Wild

Jiawei Zhou#, Zidong Zhang#, Lingyun Ying*, Huajun Chai, Jiuxin Cao*, Haixin Duan

IEEE S&P 2025 (CCF-A, CORE A*, Big4, Top)

Introduces KEYSENTINEL for detecting structured and unstructured secrets, plus a large-scale study of leakage across GitHub, PyPI, and WeChat.

MiniBLE: Exploring Insecure BLE API Usages in Mini-Programs

Zidong Zhang, Jianqi Du, Wenrui Diao*, Jianliang Wu*

SaTS 2024

Studies insecure BLE pairing in IoT-oriented mini-programs and introduces MiniBLE, a static taint analysis tool evaluated on 41,276 real-world samples.

MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs

Zidong Zhang, Qinsheng Hou, Lingyun Ying*, Wenrui Diao*, Yacong Gu, Rui Li, Shanqing Guo, Haixin Duan

ACM CCS 2024 (CCF-A, CORE A*, Big4, Top)

Identifies MiniCPRF in mini-programs and presents MiniCAT, which found 13,349 potentially vulnerable samples among 41,726 analyzable mini-programs.

Living in the Past: Analyzing BLE IoT Devices Based on Mobile Companion Apps in Old Versions

Jianqi Du, Zidong Zhang, Fenghao Xu*, Wenrui Diao*

MSN 2023 (CCF-C)

Shows that old BLE companion apps can still expose device vulnerabilities, since many IoT devices cannot receive meaningful firmware fixes.

Identifying the BLE Misconfigurations of IoT Devices through Companion Mobile Apps

Jianqi Du, Fenghao Xu*, Chennan Zhang, Zidong Zhang, Xiaoyin Liu, Pengcheng Ren, Wenrui Diao*, Shanqing Guo, Kehuan Zhang

IEEE SECON 2022 (CCF-B)

Detects BLE misconfigurations through companion app analysis and applies BSC-Checker to 4,589 apps across multiple markets.

News

2026-04

I will serve as a TPC member for SOFTENG 2026.

2026-04

I will serve as a TPC member for PESARO 2026.

2025-09

I got the Noteworthy Reviewer Recognition for USENIX Security 2025 Artifact Evaluation! 🎉

2025-03

One paper accepted by IEEE S&P 2025. 2nd (co-)first-author paper in Big4! 🎉 Congrats Jiawei!

2024-11

I will serve as an AEC member for USENIX Security 2025.

2024-08

One paper accepted by SaTS 2024 (co-located with ACM CCS 2024). See you in Salt Lake x2!

2024-05

One paper accepted by ACM CCS 2024. 1st first-author paper in Big4! 🎉 See you in Salt Lake!

2023-10

One paper accepted by MSN 2023.

2022-07

One paper accepted by IEEE SECON 2022.

Misc

In my free time, I enjoy MMORPGs and addon development. I have been playing World of Warcraft since 2010.

My favorite and most proficient spec is Outlaw Rogue.