Xiaoran is a Product Security Engineer at salesforce.com. He is passionate about security, especially web application security. At work, he does architectural feature review for security, web penetration testing, security training, security automation, etc. In his personal time, he does security research in a variety of topics including exploit writing, malware analysis, vulnerability analysis, and tearing things apart. He has written many useful defensive tools as well. For example, he developed an add-on "Mixed Content Monitor" for Firefox to block and show the insecure resources loaded within https. He also developed "Process Injection Monitor" that does automatic malware analysis and extracts injected code to a binary when a malware process tries to inject itself into other processes. He holds a MS degree in Information Security from Carnegie Mellon University.