YO! I am Yeuk Hon (王若翰).
Here you will find links to some of my public work, including personal
projects and open source contributions.
## Public profiles
* [Github](https://github.com/yeukhon/)
* [Bitbucket](http://yeukhon.bitbucket.org/)
* [SpeakerDeck](https://speakerdeck.com/yeukhon)
* [Twitter](https://twitter.com/y3ukhon)
* [LinkedIn](http://www.linkedin.com/profile/view?id=59413138)
* [Resume](https://speakerdeck.com/yeukhon/resume)
* yeukhon on IRC (#python, ##javascript, #security@mozilla, #interns@mozilla)
I am a Python programmer and Javascript is becoming a thing to me.
I graduated from [The City College of the City University of New York](http://ccny.cuny.edu/)
with a [Bachelor in Computer Science](http://ccvcl.org/mediawiki/images/3/37/Wong_web_nav_thesis.pdf)
in May 2014.
## Positions
* **Warner Music Group**
    * Junior Devop Engineer (2014.10.06 - Present)
* **GLASS Lab**
    * Undergraduate Research Student (2012.01 - 2014.05.31)
* **Mozilla**
    * Security Assurance Intern (2013.06 - 2013.08)
I am looking for a full time position:
* prefer to work with backend technology (I know I am starting out!)
* prefer to do work in areas that touch **education**, **security**, **tool automation**
* startup or startup-like team environment would be ideal (research lab for example)
* no contract work, and I prefer not to write custom software for clients
I've done a few security bounties (Amazon, Slack, Medxt and a few others), but TBH
bug bounty programs have not been my focus.
I've contributed patches to [Firefox](https://bugzilla.mozilla.org/user_profile?login=yeukhon%40acm.org)
and took the charge to rewrite
Ansible's [hg](https://github.com/ansible/ansible/blob/devel/library/source_control/hg)
module plus a few small patches in the past because I needed them to be fixed.
I try to contribute whenever possible.
## On-going projects
Ah. I just have so many small ideas and I now end up with project debts from years ago.
I am slowly solving them.
### [Is Your Auth in Your History Yet?](https://github.com/yeukhon/isyourauthinyourhistoryyet)
This is the latest project I've just started to investigate
how many Github projects have credentials hidden in their history. It will be using Python
and redis.
### [robots-txt-scanner](https://github.com/yeukhon/robots-txt-scanner)
I started working on this when I was an intern and I've just finished rewriting the code.
This project will provide developers a good RFC-compliant robots.txt parser in the future.
Tests and RFC compliance remain to be improved, and testing with real search robots
to see how they deal with extensions is also planned in the future.
### [test-capture](https://github.com/yeukhon/testcapture)
Instrument your Python test cases by recording the values of the variables used
inside each test function. This can help track down bugs that are hard to reproduce
and also give immediate feedback when a test fails without having to add ``print()``
statements all over the place.
### [xss-template-engine-tester](https://github.com/yeukhon/xss-template-engine-tester)
I want to know how good Python template engines are when dealing with encoding.
Dealing with XSS is like dealing with bytes and unicode characters in Python.
Knowing whether these template engines have even the slightest context-aware mechanism
to help fight XSS is crucial to Python web framework security. This is done
using Python and Node.js. It is incomplete, but on-going slowly.
### [csp-validator](https://github.com/yeukhon/csp-validator)
I started this project when I was an intern. A basic Python regex-based validation library
for Content-Security-Policy. This validator is supposed to be CSP 1.0. There is a plan
to rewrite this using a technique similar to the one used for the robots-txt-scanner project.
CSP 2.0 draft specification will be added and a thorough study of CSP 1.0 and CSP 2.0
is on-going (as of August 30, 2014).
And many more on GitHub or currently in my local git folder. Some are empty, some have partially
working code. I have tons of small ideas.
## Past Projects
These are the ones I feel proud about.
### [talkingfox](http://ccvcl.org/mediawiki/images/3/37/Wong_web_nav_thesis.pdf)
Interact and command Firefox with your voice, designed to be a helpful tool for blind users.
See [this youtube video](https://www.youtube.com/watch?v=PfrmC4fpWq8) for a demo.
### [mozilla/minion](https://github.com/mozilla/minion)
Minion is a Mozilla project and is designed to be a platform for managing website security scanning
history and result artifacts. Developers can write lightweight plugins in Python to drive
the interaction between Minion and an existing tool like Burp, ZAP or skipfish.
### [Graphyte](http://glasslab.org)
Graphyte is an ambitious project started by Professor Michael Grossberg and Professor Irina Gladkova
to provide a platform for scientists to conduct computation experiments in a unified-looking environment.
One of the features of this project is to allow users to use the tools and resources they want:
they can use Amazon S3 or Google Drive as their data artifact storage backend, or use Condor or
their own job management system, etc. The code is not available to the public yet.
### [Aurum](https://glasslab.org)
Aurum is an automated grading backend system, which uses Graphyte as backend for job creation and management.
Aurum has been serving Csc 1000, Csc 10200 and Csc 4730 since 2013. Students would go on Blackboard to begin
their assignment by opening a SCORM module that the instructor has prepared and the SCORM module would
ask Aurum to verify the solution.
I managed the infrastructure that powers Aurum and Graphyte during my time in the lab,
in addition to being a developer. Call me a devop if you will. I can wear multiple hats.
### [docprompt](https://github.com/yeukhon/docprompt)
I really like the idea of this project. It was done in a rush in a few hours between Dec 30, 2012 and
Jan 1, 2013. LOL. I am super proud. The idea is to write user-input prompt in docstring instead
of writing raw_input or input or getpass all over the place in your Python file. I will work on this
again when I have time. I did this because at the time a lot of large projects came with these
user prompts in Perl and I thought I could help change the process if we could write them in
docstring instead of code.
### [Repository IDE](https://bitbucket.org/ideapiteam/repo-api-master)
As a team we experimented with bringing the Mercurial API to the cloud. This was done as my project for
CSC I433 (Advanced Topics in Internet Programming), a graduate course which I took as an elective
in my undergraduate study. I took another graduate course as an elective (CUDA programming).
There are other small projects but they are not listed here for brevity.
## Okay
I thought I would share this: it's a great idea to join IRC channels like #python or ##javascript
because I have been picking up features, tips and gotchas in these languages by just staying there.
I play games (Minecraft, FPS).
If someone tells you "self-XSS is a kind of XSS technique", give that person a cookie.
```javascript
// Please, conference organizers, order MORE mediums, not more XSS, or more XL
">
```
## Credits
This page is made possible by using [Strapdown.js](http://strapdownjs.com/).
Last update: 10/03/2014