The CYRENZH Cybersecurity Clinic was launched in 2024 and offers selected organizations such as SMEs, start-ups, municipalities, schools, non-profit organizations, and associations pro bono cybersecurity services. The projects are executed by students from ZHAW School of Engineering, ZHAW School of Management and Law, and the University of Zurich and supervised by lecturers and scientific personnel.
In recent months, additional projects have been carried out and successfully completed. A total of 10 students were able to gain valuable practical experience while simultaneously supporting partner organizations in addressing their cybersecurity challenges.
Tobias Ospelt, Managing Director Pentagrid AG and project partner of one of the projects, comments: Seeing local LLMs performing very well at certain tasks while failing at others gave us a clear indicator of the possibilities for usage with the Burp Suite MCP server. The evaluation done in the clinic project by the student leads the way for future research in the field.
If you are interested in conducting such a project, please do not hesitate to contact us. You can find all relevant information on the website of the CYRENZH Cybersecurity Clinic.
The completed projects are described below.
Data Leakage Prevention for Bernina Schweiz AG
In this project, a student at ZHAW School of Engineering designed a concept for a data leakage prevention solution for Bernina Schweiz AG. The project began with a survey of Bernina’s requirements and general conditions. This was used to derive various options for defining data protection classes. Finally, a product evaluation was carried out to determine which product best suited Bernina’s needs. The project thus laid the foundations for the successful introduction of a data leakage prevention solution.
Security Consulting for University of Zurich
University of Zurich has a very heterogeneous environment, which makes it difficult to provide suitable recommendations for software components such as password managers or encryption tools. Faced with this challenge, two student teams developed prototypes that evaluate and recommend products based on personal weightings and priorities across various categories. These prototypes can be adjusted to the user’s individual level of knowledge in order to provide more differentiated assessments.
Security Consulting for a Swiss SME
A small and medium-sized enterprise (SME) with a limited budget and no dedicated IT department, yet handling sensitive data, had its infrastructure screened and hardened by a student group, resulting in a significant improvement in its overall security posture. For example, this included replacing and hardening the NAS, setting up a separate router with a customer VPN, and optimizing physical security through appropriate measures.
LLM-Penetration testing with the Burp Suite for Pentagrid
In this project, a student at ZHAW School of Engineering analyzed how LLMs could utilize the penetration testing tool Burp Suite to make penetration testing for the project partner Pentagrid more efficient. Through the implementation of three specific use cases—scan management, result verification, and report generation—the study evaluated the performance of various models, ranging from Llama 3.2 to GPT-4. By establishing a dedicated benchmark, the project demonstrated the feasibility of local LLM-driven security testing and identified the specific strengths and limitations of current models controlling the Burp Suite.