Seminar LaSArIS

Week 11 (30.11.) - Katarína Galanská - Mastering Penetration Testing Reports

Speaker: Katarína Galanská, PhD student FI MU
Title: Mastering Penetration Testing Reports

Abstract: Penetration testing is a critical cybersecurity activity, but its effectiveness relies on clear and actionable reporting. A key challenge lies in improving the reporting process so that customers receive reports that are informative, easy to understand, and facilitate efficient remediation. This presentation explores the approach of incorporating workshops and focus groups to gather perspectives from the IT professionals who consume penetration testing reports. These interactive sessions reveal the pain points experienced by individuals across various levels of technical proficiency in cybersecurity. The findings show patterns of misunderstanding, misinterpretation, and gaps in security recommendations. During the presentation, we will look at the analysis of the workshop user-study and focus-group data, which provided insights into the factors that influence IT professionals' comprehension of the information provided in a report. Understanding the usability gaps in penetration testing reports is essential for ensuring that IT professionals, ranging from technical staff to managers, can effectively implement security measures.

(The following planned talk had to be cancelled.)

Speaker: Alessia Michela Di Campi, PhD student at Ca’ Foscari University of Venice
Title: Password guessing: learn the nature of passwords and crack them by studying the human behavior

Abstract: This presentation explores the vulnerability of passwords, emphasizing human behavior in password creation. It delves into common mistakes, patterns, and linguistic habits, using data from password leaks for the analysis. The study considers psychological nuances, investigating the relationship between external factors, grammar rules, and password choices. Unlike other studies, it focuses on the human element, examining patterns, character replacements, and relationships with dictionaries. The analysis extends to password length, numbers, symbols, and the various cyber attacks that target human psychology. A socio-psychological study confirms the findings, emphasizing the importance of profiling in understanding password choices. The conclusion stresses the crucial role of psychological factors in cybersecurity as network use grows. Additionally, the presentation discusses the challenge of securing passwords against attacks while acknowledging human tendencies in password selection. It proposes enhancing password cracking tools through automated training techniques, nearly doubling success rates and setting a new benchmark for research in password guessing.