Profile

Highly skilled Security Engineer with expertise in web application security. Proven track record of detecting multiple security vulnerabilities on a variety of popular websites such as Google, Facebook, Twitter, and Amazon. Recognized by the Japanese government for innovative programming skills and was awarded the prestigious Super Creator certification. Native Japanese speaker and business-level English skill.

Technical Skills

Languages: C/C++, Java, JavaScript, JSP, Node, Perl, PHP, Python, Ruby, Scheme, SQL
Platforms: Android, FreeBSD, iOS, Linux, Mac OS X, Windows
Middlewares: Apache, GWT, Hadoop, Hive, JAX-RS, MySQL, Pig, PostgreSQL, Selenium, Teradata, Tomcat

Work Experience

May 2014 - Present
Dublin, Ireland

Senior Security Engineer

LinkedIn
Work with the security team in the US.

September 2013 - May 2014
Dublin, Ireland

Information Security Analyst

LinkedIn
Work with the security team in the US.

February 2013 - August 2013
Tokyo, Japan

Information Security Analyst for LinkedIn

TMF Group Limited (Japan)
Dispatched to LinkedIn Japan and worked with the security team in the US as an Information Security Analyst.

November 2011 - January 2013
Tokyo, Japan

Chief Technology Officer

Everforth Co., Ltd.
Built and maintained a BigData management system to integrate a wide variety of commercial products. Designed the database schema on MySQL and implemented its REST API in Java.

October 2011 - March 2012
Tokyo, Japan

Research Fellow (PD)

The Japan Society for the Promotion of Science
Created a novel technique to detect cross-domain vulnerabilities in web applications through academic research.

April 2009 - September 2011
Tokyo, Japan

Research Fellow (DC1)

The Japan Society for the Promotion of Science
Created a novel technique to detect cross-domain vulnerabilities in web applications through academic research.

Education

September 2011
Keio University, Japan

Ph.D. in Engineering

Dissertation: "A Study on Dynamic Detection of Web Application Vulnerabilities"

March 2009
Keio University, Japan

Master of Science in Engineering

Master Thesis: "A Study on Automatic Detection of SQL Injection Vulnerabilities"

March 2007
Keio University, Japan

Bachelor of Engineering

Bachelor Thesis: "Dynamic Analysis for Discovering Improper Sanitization against SQL Injection"

Other Experience

June 2009 - January 2013
Tokyo, Japan

Founder and Chief Architect

AMBERATE.ORG
Recruited members for AMBERATE.ORG, a group that works toward the development of the web application security scanner, Amberate, and makes various web applications more secure by using Amberate to detect vulnerabilities.

March 2010 - April 2010
Memphis, TN, USA

Classroom Assistant

Memphis City Schools
Visited Japanese classes at Craigmont High School and provided native-speaker instruction to help students prepare for the Japanese festival at University of Memphis.

February 2006 - March 2006
Marburg, Germany

Volunteer Worker

Pro International e.V.
Worked with an international team of 10 people from 8 countries to prepare a campsite to open for the summer months.

Achievements

Amberate

During a 7-month period of the Mitoh (Exploratory Software) Youth Project of the Information-Technology Promotion Agency Japan, I developed security software called Amberate, which is composed of approximately 60,000 lines of Java code. Amberate detects vulnerabilities in web applications. By analyzing request and response data, it dynamically generates attacks tailored to individual web applications. Currently, Amberate has not been made public to avoid additional insecurities in accordance with guidelines set by the Japanese government.
Ref. http://www.amberate.org

Sania

When I was an undergraduate student, I developed security software called Sania, which operates an efficient penetration testing for detecting SQL injection vulnerabilities. Since it is designed to be used by web application developers in situations where it can intercept SQL queries, by analyzing the SQL queries, it can automatically generate elaborate attacks and assess the security according to the context of the potentially vulnerable spots in the SQL queries.

Vulnerability Reports

Reported many security vulnerabilities in a variety of popular websites, including Google, Twitter, Amazon, and Facebook. Some outstanding reports are mentioned on their web pages as below.

Awards & Honors

2012

Computer Software Paper Award

JSSST, Japan Society for Software Science and Technology

November 2010

IPSJ Computer Science Research Award for Young Scientists

Information Processing Society of Japan

May 2009

Super Creator Certification

Information-Technology Promotion Agency (IPA), Japan

April 2009

Best Student Presentation Award

SIGOS, Information Processing Society of Japan

March 2007

Poster Award

SPA-SPRING Workshop Committee

Talks

October 2011
Shiga, Japan

Ritsumeikan University

Gave a presentation titled "Technologies towards Web Application Security".

December 2010
Tokyo, Japan

ESPer2010

Proposed a new organization formed by alumni of the Mitou project.

June 2009
Tokyo, Japan

Venture BEAT Project

Introduced and demonstrated Amberate to entrepreneurs and venture capitalists.

May 2009
Tokyo, Japan

IPAX2009

Gave a presentation titled "An Automated and Optimized Audit Testing Framework for Web Applications". Introduced and demonstrated Amberate to the convention attendees.

Publications

Transaction / Journal Publications

Automatically Checking for Session Management Vulnerabilities in Web Applications

Yusuke Takamatsu, Yuji Kosuga, and Kenji Kono
IPSJ Trans. on Advanced Computing Systems (ACS 41), Vol.6, No.1, pp.45--55, Jan. 2013.

Amberate: A Framework for Automated Vulnerability Scanners for Web Applications

Yuji Kosuga, Kenji Kono
JSSST Trans. on Computer Software, Vol.28, No.4, pp.175--195, Nov. 2011.

Generating Effective Attacks for Efficient and Precise Penetration Testing against SQL Injection

Yuji Kosuga, Miyuki Hanaoka, Kenji Kono
IPSJ Trans. on Advanced Computing Systems (ACS 32), Vol.4, No.1, pp.68--82, Nov. 2010.

Conferences

Automated Detection of Session Management Vulnerabilities in Web Applications

Yusuke Takamatsu, Yuji Kosuga, Kono Kenji
In Proc. of Tenth Annual Conference on Privacy, Security and Trust (PST 2012), pp.112--119, Paris, France, Jul. 2012.

Automated Detection of Session Fixation Vulnerabilities

Yusuke Takamatsu, Yuji Kosuga, Kenji Kono
In Proc. of the 19th international conference on World Wide Web (POSTER SESSION in WWW 2010) , pp.1191--1192, Raleigh, NC, USA, Apr. 2010.

Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection

Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hishiyama, Yu Takahama
In Proc. of the 23rd Annual Computer Security Applications Conference (ACSAC 2007) , pp.107--117, Miami Beach, FL, USA, Dec. 2007.

Workshops

Automated Testing of Session Management Vulnerabilities

Yusuke Takamatsu, Yuji Kosuga, Kenji Kono
In Proc. of the 14th Computer Security Symposium (CSS 2011), Niigata, Japan, Oct. 2011.

Automated Detection of Session Management Vulnerabilities

Yusuke Takamatsu, Yuji Kosuga, Kenji Kono
In IPSJ Technical Report (SWoPP 2011), 2011-OS-118, Kagoshima, Japan, Jul. 2011.

Detection of Session Fixation Vulnerabilities with Session ID Monitoring

Masataka Utsumi, Yuji Kosuga, Kenji Kono
In IPSJ Technical Report (SWoPP 2010), 2010-OS-115, Kanazawa, Japan, Aug. 2010.

An Effective Audit Testing for Detecting Vulnerabilities in Web Applications

Yuji Kosuga, Kenji Kono
In IPSJ Technical Report, 2009-OS-111, Okinawa, Japan, Apr. 2009.

Amberate: An Automated and Optimized Audit Testing Framework for Web Applications

Yuji Kosuga
In Proc. of the IPSJ 50th Programming Symposium, pp.73--80, Hakone, Japan, Jan. 2009.

Effective Automated Testing for Detecting SQL Injection Vulnerabilities

Yuji Kosuga, Miyuki Hanaoka, Kenji Kono
In Proc. of the IPSJ SIGNotes Computer Security (2008-CSEC-41), pp. 103--108, Yokohama, Japan, May 2008.

Dynamic Analysis for Discovering Improper Sanitization against SQL Injection Vulnerabilities

Yuji Kosuga
The Fifth Spring Workshop on Systems for Programming and Applications (SPA-SPRING 2007), Japan, March 2007.

Magazine

IT Talents Who Sprang Out of the Mitoh-Youth : Amberate : A Framework for Web Application Security Scanners

Yuji Kosuga
Monthly Magazine of Information Processing Society of Japan, Vol.52, No.12, pp. 1503--1503, November 2011.
free counters