AG was founded in April 2021 and is headquartered in Zurich. Developed and hosted by the founders, the SaaS platform for vulnerability management provides companies of all sizes with continuous security for their digital products and systems. With this platform, SMEs and larger companies have easy and cost-effective access to bug bounty programs, vulnerability disclosure programs and security tests for ethical hacking and security research. GObugfree is committed to supporting the next generation of cybersecurity professionals and offers the first bug bounty training program for ethical hacking in Switzerland.
Rösti recipe for greater cybersecurity
At the first ROESTI event, students from all over Switzerland tested the security of IT systems at Swiss universities. In collaboration with GObugfree, the ֱ̲ Foundation invited budding cybersecurity professionals to use their ethical hacking skills to identify vulnerabilities in a secure environment.
The ֱ̲ Foundation uses innovative formats such as the ROESTI event to actively promote cybersecurity in the Swiss education area. ROESTI stands for “Reporting Open & Exploitable Security Threats and Issues”. On 16 October, ֱ̲ and GObugfree welcomed 22 students from all over Switzerland to the Kuppelraum at the University of Bern. The aim was to put the security architecture of ten universities to the test under the motto “Students hack educational institutions”.
Practical training with ethical hacking
Participants worked in teams and were tasked with identifying real vulnerabilities in the universities’ networks and systems. They reported vulnerabilities directly to GObugfree’s vulnerability management and bug bounty platform for ethical hacking.
«With this event, we want to offer universities a secure environment in which vulnerabilities in their networks can be found and reported», explains Silvio Oertli, Head of ֱ̲ CERT (Computer Emergency Response Team) for the Swiss universities and the ֱ̲ registry. The students not only gained valuable insights into the practice of ethical hacking, the event also offered them many opportunities to exchange ideas with each other and with the Chief Information Security Officers or their deputies of the participating educational institutions.
13 vulnerabilities identified
The results speak for the success of the event: at the end of the day, the students uncovered a total of 13 vulnerabilities. These ranged from XSS vulnerabilities to potential SQL injections and unauthorised access opportunities. One highlight was the discovery of websites that still featured a turn-of-the-millennium design: bright colours, pixelated images and dark blue links on a black background caused laughter amongst the participants.
Valuable findings for universities
The participating universities took the identified vulnerabilities with them as homework – a valuable opportunity to derive specific improvement measures to strengthen their systems and further develop security strategies. «By making this free vulnerability management platform available to universities, we are helping to strengthen cyber resilience and supporting institutions in making their systems more secure», says Rolf Wagner, COO of GObugfree.
Successful première and plans to continue
The first ROESTI event proved that the combined commitment of educational institutions and cybersecurity experts does more than strengthen the security of Swiss universities in the long term. «It also raises awareness of cybersecurity and supports the next generation of experts in this critical area», adds Silvio Oertli from ֱ̲.
ֱ̲ and GObugfree plan to continue this innovative format.
Cyber Security