Testimonials and past Cybersecurity Clinic Projects

Here you will find testimonials from some of our project partners and the clinic projects we carried out in the past.

Kevin Yar
CEO TrueYouOmics

«The clinic project gave us valuable insight into our safety situation and clearly showed us where there was room for improvement. The students’ detailed analysis and practical corrective actions are of great value to us and will help us to further improve our safety standards.»

Valentin Zahnd
Founder Secuteer GmbH

«The basis for the Penetration Testing Toolbox created in the Clinic project is ideal for enabling developers to test web applications independently in the future, thus simplifying access to cybersecurity knowledge.»

Tobias Ospelt
Managing Director Pentagrid AG

«Seeing local LLMs performing very well at certain tasks while failing at others gave us a clear indicator of the possibilities for usage with the Burp Suite MCP server. The evaluation done in the clinic project by the student leads the way for future research in the field.»

Projects from 2025

LLM-Penetration testing with the Burp Suite for Pentagrid

In this project, a student at ZHAW School of Engineering analyzed how LLMs could utilize the penetration testing tool Burp Suite to make penetration testing for the project partner Pentagrid more efficient. Through the implementation of three specific use cases—scan management, result verification, and report generation—the study evaluated the performance of various models, ranging from Llama 3.2 to GPT-4. By establishing a dedicated benchmark, the project demonstrated the feasibility of local LLM-driven security testing and identified the specific strengths and limitations of current models controlling the Burp Suite.

Security Consulting for University of Zurich

The University of Zurich has a very heterogeneous environment, which makes it difficult to provide suitable recommendations for software components such as password managers or encryption tools. Faced with this challenge, two student teams developed prototypes that evaluate and recommend products based on personal weightings and priorities across various categories. These prototypes can be adjusted to the user’s individual level of knowledge in order to provide more differentiated assessments.

Security Consulting for a Swiss SME

A small or medium-sized enterprise (SME) with a limited budget and no dedicated IT department, yet handling sensitive data, had its infrastructure screened and hardened by a student group, resulting in a significant improvement in its overall security posture. The work included, for example, replacing and hardening the NAS, setting up a separate router with a customer VPN, and optimizing physical security through appropriate measures.

Data Leakage Prevention for Bernina Schweiz AG

In this project, a student at ZHAW School of Engineering designed a concept for a data leakage prevention solution for Bernina Schweiz AG. The project began with a survey of Bernina’s requirements and general conditions. This was used to derive various options for defining data protection classes. Finally, a product evaluation was carried out to determine which product best suited Bernina’s needs. The project thus laid the foundations for the successful introduction of a data leakage prevention solution.

Projects from 2024

Penetration Test of a Web Application from TrueYouOmics

TrueYouOmics, a Winterthur-based health tech start-up, offers AI-driven health risk assessments via a web application that processes sensitive DNA, RNA, and protein data. To ensure a high level of security, a penetration test was conducted as part of a ZHAW Bachelor’s project, requiring deep analysis of modern technologies and advanced attack techniques. While the application was found to be generally secure, several vulnerabilities—especially in core features and chatbot integration—were identified and accompanied by practical mitigation recommendations.

Cybersecurity on Farms

In a joint project between the Landwirtschaftliche Zentrum St. Gallen and ZHAW, students investigated cybersecurity risks on farms, finding frequent high-risk behavior—especially in IT infrastructure and access control—driven by low awareness and limited perceived relevance. Business Informatics students analyzed behavioral factors, while a Computer Science student assessed technical vulnerabilities in internet-connected devices on-site. The project delivered practical recommendations and laid the groundwork for targeted cybersecurity training and awareness materials for farmers.

Cybersecurity Hardening for an SME in the Canton of Zurich

In collaboration with an SME from the canton of Zurich, students from the ZHAW School of Management and Law conducted a cybersecurity hardening project focused on securing sensitive data exchange among staff and freelancers. After assessing IT systems, cloud services, and key risk areas such as access management and encryption, the team identified vulnerabilities and implemented targeted improvements. The project resulted in a prioritized set of actionable recommendations, giving the SME a stronger security foundation and clear next steps for further protection.

Toolbox for Penetration Testing of Web Applications

In cooperation with the company Secuteer, a prototype toolbox for web application penetration testing was developed as part of a Computer Science Bachelor’s project at ZHAW, with the goal of making cybersecurity more accessible.