Zidong (Zander) Zhang

PhD Student and Security Researcher

Simon Fraser University

Research Interests

Mini Apps / Super Apps Security, AI-Empowered Apps Security, Web Security, Web Privacy Merit, Static Application Security Testing (SAST), IoT Security (BLE)

Biography

I am a PhD student in the School of Computing Science at Simon Fraser University, supervised by Prof. Jianliang Wu.

Before joining SFU, I received my M.Sc. degree from Shandong University, supervised by Prof. Wenrui Diao. I also interned at QI-ANXIN Research Institute, where I worked closely with Dr. Qinsheng Hou, Dr. Yacong Gu, and Dr. Lingyun Ying.

My research focuses on uncovering real-world security vulnerabilities in web and mobile ecosystems.

Selected Publications

# Equal contribution / Co-first authors. * Corresponding author.

Mini-Programs, Mega-Problems: Unveiling OAuth Misuses in Mini-Programs via Dynamic Analysis

Zidong Zhang#, Zhentao Xie#, Lingyun Ying, Qinsheng Hou, Yacong Gu, Wenrui Diao, Jianliang Wu

ACM CCS 2026
CCF-A, Core A*, BIG4, TOP

Systematizes OAuth-based authentication misuses in mini-programs and presents a dynamic analysis framework that finds 1,834 real-world cases across WeChat and Baidu ecosystems.

Hey, Your Secrets Leaked! Detecting and Characterizing Secret Leakage in the Wild

Jiawei Zhou#, Zidong Zhang#, Lingyun Ying*, Huajun Chai, Jiuxin Cao*, Haixin Duan

IEEE S&P 2025
CCF-A, Core A*, BIG4, TOP

Introduces KEYSENTINEL for detecting structured and unstructured secrets, plus a large-scale study of leakage across GitHub, PyPI, and WeChat.

MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs

Zidong Zhang, Qinsheng Hou, Lingyun Ying*, Wenrui Diao*, Yacong Gu, Rui Li, Shanqing Guo, Haixin Duan

ACM CCS 2024
CCF-A, Core A*, BIG4, TOP

Identifies MiniCPRF in mini-programs and presents MiniCAT, which found 13,349 potentially vulnerable samples among 41,726 analyzable mini-programs.

News

2026-06

One paper accepted by ACM CCS 2026. 3rd (co-) First-Author Paper in Big4! 🎉

2026-04

One paper accepted by ACM CCS 2026. 🎉

2026-04

I will serve as a TPC member for SOFTENG 2026.

2026-04

I will serve as a TPC member for PESARO 2026.

2025-11

Received the 2025 Shandong University Outstanding Master's Thesis Award!

2025-09

I got the Noteworthy Reviewer Recognition for USENIX Security 2025 Artifact Evaluation! 🎉

2025-03

One paper accepted by IEEE S&P 2025. 2nd (co-) First-Author Paper in Big4! 🎉 Congrats Jiawei!

2026-01

Received the 2025 Shandong Province Outstanding Master's Thesis Award!

2024-11

I will serve as AEC Member for USENIX Security 2025.

2024-08

One paper accepted by SaTS 2024 (co-located with ACM CCS 2024). See you in Salt Lake x2!

2024-05

One paper accepted by ACM CCS 2024. 1st First-Author Paper in Big4! 🎉 See you in Salt Lake!

2023-10

One paper accepted by MSN 2023.

2022-07

One paper accepted by IEEE SECON 2022.

Misc

In my free time, I enjoy MMORPGs and addon development. I have been playing World of Warcraft since 2010.

My favorite and most proficient spec is Outlaw Rogue.