Interests
- Web & Mobile Security
- Browser Security
- CTF & Bug Bounty
Education
2025.08 – present
M.S. in Computer Science and Engineering
Ulsan National Institute of Science and Technology, @UNIST WebSec Lab
Advisor: Seongil Wi
2021.03 – 2025.08
B.S. in Industrial Security & Police Science & Crime Investigation Software
Publications
[1] BUIzz: Finding Policy Enforcement Bugs via Interaction Simulation on the Browser User Interface
In Proceedings of the USENIX Security Symposium (USENIX Security), 2026
[2] SandVenture: Escaping JavaScript Sandboxes with Objective-driven Input Generation
In Proceedings of the IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2026 (Acceptance Rate: 17.83%)
Honors
IBSM Award (Outstanding Graduate Student Award)
Security Bugs
CVE
Discovered via Strategy 5 of our IEEE EuroS&P 2026 paper, SandVenture: Escaping JavaScript Sandboxes with Objective-driven Input Generation.
Web pages and extensions using ses and the Compartment API to evaluate
third-party code in an isolated environment inadvertently expose
const, let, and class bindings
declared in the top-level scope of a <script> tag to the
lexical scope of untrusted third-party code.
Acknowledgement
Contact
Email
wjdaslrl4475@unist.ac.kr
Office
Ulsan National Institute of Science and Technology, Ulsan
GitHub
github.com/mingijunggrape