Highly skilled Security Engineer with expertise in web application security. Proven track record of detecting multiple security vulnerabilities on a variety of popular websites such as Google, Facebook, Twitter, and Amazon. Recognized by the Japanese government for innovative programming skills and awarded the prestigious Super Creator certification. Has experience performing security reviews as part of a security team in a top tech company and creating vulnerability scanning tools to detect web application vulnerabilities.
Specialties: Web Application Security & Attacks.
Work experience includes security code review, architecture review, security analysis, vulnerability analysis, testing tool development with static analysis and dynamic analysis.
October 2016 - Present
Sunnyvale, CA, USA
May 2014 - September 2016
Dublin, Ireland & Mountain View, CA, USA
February 2013 - May 2014
Tokyo, Japan & Dublin, Ireland
November 2011 - January 2013
April 2009 - March 2012
Keio University, Japan
Dissertation: "A Study on Dynamic Detection of Web Application Vulnerabilities"
Keio University, Japan
Master Thesis: "A Study on Automatic Detection of SQL Injection Vulnerabilities"
Keio University, Japan
Bachelor Thesis: "Dynamic Analysis for Discovering Improper Sanitization against SQL Injection"
June 2009 - January 2013
March 2010 - April 2010
Memphis, TN, USA
February 2006 - March 2006
During a 7-month period of the Mitoh (Exploratory Software) Youth Project of the Information-Technology Promotion Agency Japan, I developed security software called Amberate, which is composed of approximately 60,000 lines of Java code. Amberate detects vulnerabilities in web applications. By analyzing request and response data, it dynamically generates attacks tailored to individual web applications. Currently, Amberate has not been made public to avoid additional insecurities in accordance with guidelines set by the Japanese government.
When I was an undergraduate student, I developed security software called Sania, which performs efficient penetration testing for detecting SQL injection vulnerabilities. Since it is designed to be used by web application developers in situations where it can intercept SQL queries, by analyzing the SQL queries, it can automatically generate elaborate attacks and assess the security according to the context of the potentially vulnerable spots in the SQL queries.
Reported many security vulnerabilities in a variety of popular websites, including Google, Twitter, Amazon, and Facebook. Some outstanding reports are mentioned on their web pages as below.
JSSST, Japan Society for Software Science and Technology
Information Processing Society of Japan
Information-Technology Promotion Agency (IPA), Japan
SIGOS, Information Processing Society of Japan
SPA-SPRING Workshop Committee
Gave a presentation titled "Technologies towards Web Application Security".
Proposed a new organization formed by alumni of the Mitou project.
Introduced and demonstrated Amberate to entrepreneurs and venture capitalists.
Gave a presentation titled "An Automated and Optimized Audit Testing Framework for Web Applications". Introduced and demonstrated Amberate to the convention attendees.
Yusuke Takamatsu, Yuji Kosuga, and Kenji Kono. IPSJ Trans. on Advanced Computing Systems (ACS 41), Vol.6, No.1, pp.45--55, Jan. 2013.
Yuji Kosuga, Kenji Kono. JSSST Trans. on Computer Software, Vol.28, No.4, pp.175--195, Nov. 2011.
Yuji Kosuga, Miyuki Hanaoka, Kenji Kono. IPSJ Trans. on Advanced Computing Systems (ACS 32), Vol.4, No.1, pp.68--82, Nov. 2010.
Yusuke Takamatsu, Yuji Kosuga, Kenji Kono. In Proc. of Tenth Annual Conference on Privacy, Security and Trust (PST 2012), pp.112--119, Paris, France, Jul. 2012.
Yusuke Takamatsu, Yuji Kosuga, Kenji Kono. In Proc. of the 19th international conference on World Wide Web (POSTER SESSION in WWW 2010), pp.1191--1192, Raleigh, NC, USA, Apr. 2010.
Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hishiyama, Yu Takahama. In Proc. of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), pp.107--117, Miami Beach, FL, USA, Dec. 2007.
Yusuke Takamatsu, Yuji Kosuga, Kenji Kono. In Proc. of the 14th Computer Security Symposium (CSS 2011), Niigata, Japan, Oct. 2011.
Yusuke Takamatsu, Yuji Kosuga, Kenji Kono. In IPSJ Technical Report (SWoPP 2011), 2011-OS-118, Kagoshima, Japan, Jul. 2011.
Masataka Utsumi, Yuji Kosuga, Kenji Kono. In IPSJ Technical Report (SWoPP 2010), 2010-OS-115, Kanazawa, Japan, Aug. 2010.
Yuji Kosuga, Kenji Kono. In IPSJ Technical Report, 2009-OS-111, Okinawa, Japan, Apr. 2009.
Yuji Kosuga. In Proc. of the IPSJ 50th Programming Symposium, pp.73--80, Hakone, Japan, Jan. 2009.
Yuji Kosuga, Miyuki Hanaoka, Kenji Kono. In Proc. of the IPSJ SIGNotes Computer Security (2008-CSEC-41), pp. 103--108, Yokohama, Japan, May 2008.
Yuji Kosuga. The Fifth Spring Workshop on Systems for Programming and Applications (SPA-SPRING 2007), Japan, March 2007.
Yuji Kosuga. Monthly Magazine of Information Processing Society of Japan, Vol.52, No.12, pp. 1503--1503, November 2011.