Brno University of Technology and Masaryk University organized a public seminar within the Brno Security Meetings series, where students, researchers and other members of the local cybersecurity community meet to discuss the latest trends and developments in different areas of cybersecurity. This time, Katarina Galanská, a researcher at Masaryk University who tries to identify and address gaps in the usability of penetration testing reports among ICT professionals, talked about usable security and the process of penetration testing.
As Katarina says, penetration testing is a critical cybersecurity activity, but its effectiveness relies on clear and actionable reporting. However, a critical challenge lies in improving the reporting process, ensuring that customers receive informative, easy-to-understand reports, and facilitating efficient remediation.
Last year, Katarina prepared two workshops in Estonia in cooperation with her colleagues from Cybernetica. These workshops aimed to share experience with the process of penetration testing, to gather perspectives from IT professionals who work with penetration testing reports, and to get feedback on how to improve the quality of such reports. The workshops were tailored to a diverse audience, ranging from technical professionals such as developers, validators, and administrators to cybersecurity managers and decision-makers.
The interactive sessions within these workshops revealed some of the pain points experienced by individuals across various technical proficiency levels in cybersecurity. The aim is to understand the usability gaps in penetration testing reports; that understanding can then reveal new methods of writing these reports and help IT professionals, ranging from technical staff to managers, better implement security measures.