Rösti recipe for greater cybersecurity

At the first ROESTI event, students from all over Switzerland tested the security of IT systems at Swiss universities. In collaboration with GObugfree, the Switch Foundation invited budding cybersecurity professionals to use their ethical hacking skills to identify vulnerabilities in a secure environment.

Text: Roland Eugster, published on 07. November 2024

Switch and GObugfree welcome students to the first ROESTI event.
Switch and GObugfree welcome students to the first ROESTI event. Photo: Mathias Karlsson, Switch.

The Switch Foundation uses innovative formats such as the ROESTI event to actively promote cybersecurity in the Swiss education area. ROESTI stands for “Reporting Open & Exploitable Security Threats and Issues”. On 16 October, Switch and GObugfree welcomed 22 students from all over Switzerland to the Kuppelraum at the University of Bern. The aim was to put the security architecture of ten universities to the test under the motto “Students hack educational institutions”. 

Practical training with ethical hacking

Participants worked in teams and were tasked with identifying real vulnerabilities in the universities’ networks and systems. They reported vulnerabilities directly to GObugfree’s vulnerability management and bug bounty platform for ethical hacking. 

«With this event, we want to offer universities a secure environment in which vulnerabilities in their networks can be found and reported», explains Silvio Oertli, Head of Switch CERT (Computer Emergency Response Team) for the Swiss universities and the Switch registry. The students not only gained valuable insights into the practice of ethical hacking, the event also offered them many opportunities to exchange ideas with each other and with the Chief Information Security Officers or their deputies of the participating educational institutions.

Silvio Oertli, Head of Switch CERT (Computer Emergency Response Team) for the Swiss universities and the Switch registry, recalls the ‘rules of the game’.
Silvio Oertli, Head of Switch CERT (Computer Emergency Response Team) for the Swiss universities and the Switch registry, recalls the ‘rules of the game’. Photo: Mathias Karlsson, Switch.

13 vulnerabilities identified

The results speak for the success of the event: at the end of the day, the students uncovered a total of 13 vulnerabilities. These ranged from XSS vulnerabilities to potential SQL injections and unauthorised access opportunities. One highlight was the discovery of websites that still featured a turn-of-the-millennium design: bright colours, pixelated images and dark blue links on a black background caused laughter amongst the participants.

Valuable findings for universities

The participating universities took the identified vulnerabilities with them as homework – a valuable opportunity to derive specific improvement measures to strengthen their systems and further develop security strategies. «By making this free vulnerability management platform available to universities, we are helping to strengthen cyber resilience and supporting institutions in making their systems more secure», says Rolf Wagner, COO of GObugfree.

The motto of the ROESTI event: «Students hack into educational institutions.»
The motto of the ROESTI event: «Students hack into educational institutions.» Photo: Mathias Karlsson, Switch.

Successful première and plans to continue

The first ROESTI event proved that the combined commitment of educational institutions and cybersecurity experts does more than strengthen the security of Swiss universities in the long term. «It also raises awareness of cybersecurity and supports the next generation of experts in this critical area», adds Silvio Oertli from Switch. 

Switch and GObugfree plan to continue this innovative format.

Cyber Security
Roland Eugster

Roland Eugster

Senior corporate communications specialist

Switch

View all posts