In recent times, news of cyber attacks and presence of breaches in corporate IT infrastructures are increasing. Such attacks cause considerable damage in terms of both costs and reputation, which also leads to further losses. Over time, companies have changed their defence mechanisms and created specialised internal teams. In the past, the unique task of such a team was to implement a defence system based on the analysis of traffic to and from the company’s infrastructure, detecting an attack only when it was in progress. However, today it is considered very important to use an active defense approach: through activities of Penetration Testing, it is possible to simulate the behaviour of criminals to identify the many vulnerabilities that could be exploited to carry out a cyber attack, thus being able to prevent it.