Prof. Dr. Marc Rennhard

Work at ZHAW

Position

Director of Department Department Information Technology, Electrical Engineering and Mechatronics

Focus

Professor for Information Security, focussing on Software Security, Security Testing, Security Analysis and Security Engineering. In teaching and research, I collaborate closely with the Institute of Computer Science (InIT).

Experience

• Head of Department Information Technology, Electrical Engineering and Mechatronics (IEM)
  ZHAW, School of Engineering
  2023 - today
• Professor (Lecturer until 2007) for Computer Science
  ZHAW, School of Engineering
  2004 - today
• Head of Institute of Computer Science
  ZHAW, Institute of Computer Science (InIT)
  2017 - 2023
• Head of Research Group Information Security
  ZHAW, Institute of Computer Science (InIT)
  2005 - 2017
• Senior IT Security Consultant (Freelancing)
  Consecom AG
  2007 - 2015
• Senior Researcher
  ETH Zurich, Zurich Information Security Center (ZISC)
  2004 - 2005
• Research Assistant
  ETH Zurich, Communication Systems Group
  1999 - 2004
• IT Consultant
  Solution Providers AG
  1998 - 1999
• Software Engineer
  Siemens Schweiz AG
  1995 - 1997

Education and Continuing education

Education

• Dr. sc. techn. ETH (PhD) / Anonymous Internet communication
  ETH Zurich
  1999 - 2004
• Dipl. El.-Ing. ETH (MSc)
  ETH Zurich
  1992 - 1998
• Matura Typus C
  Bündner Kantonsschule Chur
  1986 - 1991

Continuing Education

• ZHAW Leadership and Management Training
  ZHAW
  2009
• Certified Information Systems Security Professional (CISSP)
  ISC2
  2004
• Teaching Diploma for Higher Education in Computer Science
  ETH Zurich
  2003
• Cambridge Proficiency in English
  Cambridge English
  2001

Network

Membership of networks

• Information Security Society Switzerland (ISSS)
• Jury member Information Security Society Switzerland (ISSS) Excellence Award
• Informatics Europe (representative of ZHAW School of Engineering)
• Digital Society (DSI) Community Cybersecurity at University of Zurich
• Advisory Board scanmeter GmbH

Social media

LinkedIn

Projects

• OCTOPUS: Observing Communication Traffic Of Pre-installed Userspace Software / Project leader / ongoing
• Runtime Vulnerability Detection in Android Pre-installed Apps / Project leader / ongoing
• Cyber Resilience Network For The Canton Of Zurich / Co-project leader / ongoing
• Dynamic Security Analysis of Android Pre-installed Apps / Project leader / completed
• Dynamic Analysis of Internal Android Systems / Project leader / completed
• FASTscan: Fully Automated Security Testing with scanmeter / Project leader / completed
• OptiPhish – Effective and Measurable Phishing Awareness Training / Team member / completed
• CNO Software Development 2019 / Team member / completed
• scanmeter Next Generation / Project leader / completed
• SeCoSS: Secure Collaboration with SecureSafe / Deputy project leader / completed
• PhD Network in Data Science / Team member / completed
• Platform for automated security analysis of IT systems / Project leader / completed
• Highly Trustworthy Service for Linking Physical Products with Digital Information / Project leader / completed
• dokspot – Linking Physical Products with Digital Information / Project leader / completed
• SecureSafe for integrated usage in companies and eGovernment / Project leader / completed
• DSwiss SecureSafe Technology: Improving Mobile Platform Support / Project leader / completed
• Datasafe for professional Users / Project leader / completed
• A New Commercial Online Platform: schnappundweg.eu / Project leader / completed
• Corporate Data Safe / Project leader / completed
• IT-Security in the Area of Road Traffic Telematics / Project leader / completed
• Automated Software Security Testing 2 / Project leader / completed
• Online Datasafe / Project leader / completed

Publications

Articles in scientific journal, peer-reviewed

• Geppert, T., Dudas, T., Frei, P., Knieps, M., Ambuehl, B., Schaltegger, T., Rennhard, M., & Ebert, N. (2026). CYRENZH Cybersecurity Clinic : Konzept und Erkenntnisse. HMD Praxis der Wirtschaftsinformatik. https://doi.org/10.1365/s40702-026-01250-7
• Sutter, T., Kehrer, T., Rennhard, M., Tellenbach, B., & Klein, J. (2024). Dynamic security analysis on Android : a systematic literature review. IEEE Access, 12, 57261–57287. https://doi.org/10.1109/ACCESS.2024.3390612
• Rennhard, M., Kushnir, M., Favre, O., Esposito, D., & Zahnd, V. (2022). Automating the detection of access control vulnerabilities in web applications. SN Computer Science, 3(5), 376. https://doi.org/10.1007/s42979-022-01271-1
• Rennhard, M., Esposito, D., Ruf, L., & Wagner, A. (2019). Improving the effectiveness of web application vulnerability scanning. International Journal on Advances in Internet Technology, 12(1/2), 12–27. https://doi.org/10.21256/zhaw-17956
• Tellenbach, B., Paganoni, S., & Rennhard, M. (2016). Detecting obfuscated JavaScripts from known and unknown obfuscators using machine learning. International Journal on Advances in Security, 9(3/4), 196–206. https://doi.org/10.21256/zhaw-1537

Books, peer-reviewed

Rennhard, M. (2004). MorphMix : a peer-to-peer-based system for anonymous internet access [Doctoral dissertation]. Shaker.

Book chapters, peer-reviewed

Tellenbach, B., Rennhard, M., & Schweizer, R. (2019). Security of data science and data science for security. In M. Braschler, T. Stadelmann, & K. Stockinger (Eds.), Applied data science : lessons learned for the data-driven business (pp. 265–288). Springer. https://doi.org/10.1007/978-3-030-11821-1_15

Written conference contributions, peer-reviewed

• Gaber, C., Dejon, N., Ndiaye, N. G., Waedt, K., Lefebvre, V., Gür, G., Rennhard, M., Marinakis, A., Gizelis, C. A., Wary, J.-P., & Loiseaux, C. (2025). A continuous certification readiness framework for cloudification of IT/OT platforms [Conference paper]. 2025 IEEE International Conference on Cloud Engineering (IC2E), 42–46. https://doi.org/10.1109/ic2e65552.2025.00011
• Ndiaye, N. G., Waedt, K., Dejon, N., Gaber, C., Marinakis, A., Gizelis, C. A., Gür, G., Rennhard, M., Zeddini, O., Wary, J.-P., Orlando, D., Loiseaux, C., Photiou, V., Koulierakis, N., & Danilatou, V. (2025). Safety and cybersecurity under emerging EU legislation for industry : a use-case driven perspective [Conference paper]. In B. Coppens, B. Volckaert, V. Naessens, & B. De Sutter (Eds.), Availability, reliability and security (pp. 304–321). Springer. https://doi.org/10.1007/978-3-032-00630-1_17
• Schlaubitz, M., Veyisoglu, O., & Rennhard, M. (2025). A2CT : automated detection of function and object-level access control vulnerabilities in web applications [Conference paper]. In R. Di Pietro, K. Renaud, & P. Mori (Eds.), Proceedings of the 11th International Conference on Information Systems Security and Privacy (Vol. 2, pp. 425–436). SciTePress. https://doi.org/10.5220/0013092700003899
• Kushnir, M., Favre, O., Rennhard, M., Esposito, D., & Zahnd, V. (2021). Automated black box detection of HTTP GET request-based access control vulnerabilities in web applications [Conference paper]. Proceedings of the 7th International Conference on Information Systems Security and Privacy, 204–216. https://doi.org/10.5220/0010300102040216
• Lapagna, K., Zollinger, M., Rennhard, M., Strobel, H., & Derché, C. (2018). Dokspot : securely linking healthcare products with online instructions. HEALTHINFO 2018 : The Third International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing. https://doi.org/10.21256/zhaw-5000
• Esposito, D., Rennhard, M., Ruf, L., & Wagner, A. (2018). Exploiting the potential of web application vulnerability scanning [Conference paper]. ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, 22–29. https://doi.org/10.21256/zhaw-3927
• Rennhard, M., Tschannen, M., & Christen, T. (2012). SecureSafe : a highly secure online data safe. Proceedings of the Eurosys Workshop on Measurement, Privacy, and Mobility (MPM 2012).
• Frei, A., & Rennhard, M. (2008). Histogram matrix : log file visualization for anomaly detection [Conference paper]. Proceedings of the Third International Conference on Availability, Security and Reliability (ARES 2008), 610–617. https://doi.org/10.1109/ARES.2008.148
• Rennhard, M., & Plattner, B. (2004). Practical anonymity for the masses with MorphMix [Conference paper]. In A. Juels (Ed.), Financial Cryptography (pp. 233–250). Springer. https://doi.org/10.1007/978-3-540-27809-2_24

Other publications

• Trammell, A., Rennhard, M., Amon, M., & Wolf, L. (2025, October 28). Towards an AI-based security consultant for SMEs. Swiss Cyber Storm - AI Village, Bern, Switzerland, 28 October 2025. https://doi.org/10.21256/zhaw-34519
• Sutter, T., Lapagna, K., Berlich, P., Rennhard, M., & Germann, F. (2021). Web content signing with service workers. ZHAW Zürcher Hochschule für Angewandte Wissenschaften. https://doi.org/10.21256/zhaw-22514
• Rennhard, M., & Marschal, C. (2011). IT-Security in der Verkehrstelematik. Strasse und Verkehr, 2011(10), 26.
• Rennhard, M., Koster, M., Marschal, C., & Schildknecht, L. (2011). IT-Security im Bereich Verkehrstelematik. Bundesamt für Strassen.
• Rennhard, M., & Christen, T. (2010). Der digitale Datensafe als SaaS-Dienst. Swiss Engineering STZ, 2010(10), 31.
• Rennhard, M., Tschannen, M., & Christen, T. (2010). 2-Factor authentication for mobile applications : introducing DoubleSec. ZHAW Zürcher Hochschule für Angewandte Wissenschaften. https://doi.org/10.21256/zhaw-1522
• Ruf, L., & Rennhard, M. (2009). Fälschbare Zertifikate. IT Security, 2009(1), 19.
• Rennhard, M. (2008). Automatisiertes Software-Security-Testing. IT Security, 2008(4), 24–26.
• Rennhard, M., & Frei, A. (2006). Dokumentensicherheit in verteilten Dokumenten-Management-Systemen - Projektbericht : Internal Report 05/01. ZHAW Zürcher Hochschule für Angewandte Wissenschaften.

Oral conference contributions and abstracts

• Rennhard, M. (2019, March 22). Schwachstellen vor den Hackern finden : automatisierte Sicherheitstests von IT-Systemen. Thurgauer Technologietag, Wängi, 22. März 2019.
• Rennhard, M. (2016, October 19). Client TLS testing / detecting obfuscated JavaScripts. Swiss Cyber Storm 2016, Luzern, 19. Oktober 2016.
• Rennhard, M. (2010, September 14). Internet Datasafe : Sicherheitstechnische Herausforderungen. ERFA-Tagung des Schweizerischen Instituts für Systems Engineering, Bern, 14. September 2010.
• Rennhard, M. (2010, September 14). Automatisiertes Software Security-Testing. ERFA-Tagung des Schweizerischen Instituts für Systems Engineering, Bern, 14. September 2010.
• Rennhard, M. (2009). Schwachstellen in Web-Applikationen : was steckt dahinter und wie nutzt man sie aus? 52. Tagung AK Technik, Zürich, 10.-11. Februar 2009.
• Rennhard, M. (2009, May 28). Schwachstellen in Web-Applikationen : was steckt dahinter und wie nutzt man sie aus? Asecus Seminar, Wallisellen, 28. Mai 2009.
• Rennhard, M. (2009, February 4). Schwachstellen in Web-Applikationen : was steckt dahinter und wie nutzt man sie aus? Computerlinks University Zurich, Zürich, 4. Februar 2009.
• Rennhard, M. (2008). Automatisiertes Software Security-Testing. Security-Zone 2008, Zürich, 24.-25. September 2008.
• Rennhard, M. (2008). Aktuelle Sicherheitsprobleme im Internet : Angriffe auf Web-Applikationen. FAEL-Seminar: Internet-Security - Wo lauern die Gefahren?, Zürich, 5. November 2008.
• Rennhard, M. (2008, March 5). Histogram matrix : log file visualization for anomaly detection. Third International Conference on Availability, Security and Reliability (ARES 2008), Barcelona, Spain, 4-7 March 2008.
• Rennhard, M. (2007, February 1). Web-Applikationen : Angriffe - und wie Sie sich dagegen verteidigen. IT-Security Forum #6, Winterthur, 1. Februar 2007.
• Rennhard, M. (2006). VoIP : Potentielle Sicherheitsprobleme. Security-Zone 2006, Zürich, 20.-21. September 2006.
• Rennhard, M. (2006). Fachhochschulen als Innovationspartner für KMU. Orbit-iEX 2006, Zürich, 16.-19. Mai 2006.
• Rennhard, M. (2006, November 10). Aktuelle Sicherheitsprobleme im Internet : Angriffe auf Web-Applikationen. Siemens-Dozierendentag 2006, Winterthur, 10. November 2006.
• Hülser, R., Rennhard, M., & Steffen, A. (2005). ICTnet - KTI : innovative Lösungen trotz beschränkten Ressourcen. Security-Zone 2005, Zürich, 21.-22. September 2005.
• Rennhard, M., & Mumprecht, E. (2005, July 13). PKI und Digitale Signatur : Theorie, Politik, Wunschdenken und Realität. WinLink - Lunch & Learn, Winterthur, 13. Juli 2005.
• Rennhard, M. (2004, October 26). Schutz der Privatsphäre aus Benutzersicht. IT-Security Forum #3, Winterthur, 26. Oktober 2004.

Publications before appointment at the ZHAW

• M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. Towards Pseudonymous e-Commerce. In Electronic Commerce Research Journal, Special Issue on Security and Trust in Electronic Commerce, Kluwer Academics Publisher, volume 4, issue 1-2, pages 83-111, January-April 2004.
• M. Rennhard and B. Plattner. Practical Anonymity for the Masses with Mix-Networks. In Proceedings of the 8th IEEE Intl. Workshop on Enterprise Security (WET ICE 2003), pages 255-260, Linz, Austria, 9th-11th June 2003.
• M. Rennhard. Anonymity for the Masses with MorphMix. Technical Report Nr. 159, TIK, ETH Zurich, Switzerland, May 2003.
• M. Rennhard. Practical Anonymity for the Masses with Mix-Networks. Technical Report Nr. 157, TIK, ETH Zurich, Switzerland, February 2003.
• M. Rennhard and B. Plattner. Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES), in association with 9th ACM Conference on Computer and Communications Security (CCS 2002), pages 91-102, Washington, DC, USA, 21st November 2002.
• M. Rennhard. MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. Technical Report Nr. 147, TIK, ETH Zurich, Switzerland, August 2002.
• M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. Analysis of an Anonymity Network for Web Browsing. In Proceedings of the 7th IEEE Intl. Workshop on Enterprise Security (WET ICE 2002), pages 49-54, Pittsburgh, USA, June 10th-12th 2002.
• M. Rennhard, S. Rafaeli, and L. Mathy. Design, Analysis, and Implementation of an Anonymity Network for Web Browsing. Technical Report Nr. 129, TIK, ETH Zurich, Switzerland, February 2002.
• M. Chapman, G. Davida, and M. Rennhard. A Practical and Effective Approach to Large-Scale Automated Linguistic Steganography. In Proceedings of the Information Security Conference (ISC 2001), pages 156-165, Malaga, Spain, 1st-3rd October 2001.
• M. Rennhard, S. Rafaeli. and L. Mathy. From SET to PSET: The Pseudonymous Secure Electronic Transaction Protocol. Technical Report Nr. 117, TIK, ETH Zurich, Switzerland, August 2001.
• M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. An Architecture for an Anonymity Network. In Proceedings of the 6th IEEE Intl. Workshop on Enterprise Security (WET ICE 2001), pages 165-170, Boston, USA, 20st-22nd June 2001
• S. Rafaeli, M. Rennhard, L. Mathy, B. Plattner, and D. Hutchison. An Architecture for Pseudonymous e-Commerce. In Proceedings of the Symposium on Information Agents for Electronic Commerce (AISB 2001), pages 33-42, York, UK, 21st-24th March 2001
• M. Rennhard, S. Rafaeli, L. Mathy. The Pseudonymity Network Architecture. Technical Report MPG-01-02, Computing Department, Lancaster University, Lancaster, UK, February 2001.
• M. Rennhard. A Software System for Turning Ciphertext into Plain English via Contextual Templates. Diploma Thesis, ETH Zurich, Switzerland, March 1998.

go back