It is certainly no mystery that cyber attacks are on the agenda.

Cyber criminals continually seek out and exploit new opportunities to make their criminal actions more effective.

Added to this is the rapid evolution of today's widely used computer systems, which should be updated promptly.

If our networks and systems grow rapidly, it can become difficult to identify and keep under control the problems that could expose us to cyber attacks and data loss.

So, let’s look at the three essential checks that we should periodically carry out on IT systems.


The Vulnerability Assessment is the verification of the problems (vulnerabilities) affecting the company’s IT systems.

These vulnerabilities can include missing system or application updates, misconfigurations, design flaws, incorrect protocols, malicious shares, user accounts no longer in use, etc.

These issues, if exploited by a malicious attacker, could lead to a breach of the systems, resulting in malware infection or data loss.

It is important to carry out an in-depth Vulnerability Assessment of corporate systems (servers, PCs, mobile devices) at least once a year, preferably more frequently.

The continuous and regular management of the vulnerability assessment cycle is referred to as Vulnerability Management.

This would be ideal for systems monitoring and early identification of issues.

But it also requires resources dedicated to this process and, in the absence of these resources, it is essential to rely on a good Cyber Security expert who can carry out a Vulnerability Assessment of the systems at least every 6-12 months.


The Penetration Test is the verification of the exploitability of the problems detected with the Vulnerability Assessment.

In practice, if the Vulnerability Assessment finds system vulnerabilities, the Penetration Test checks how, and to what extent, these issues could be used by cyber criminals to breach those same systems.

This is a complex test, conducted from the perspective of a potential attacker by simulating a cyber attack (while ensuring that it does not cause real damage to the systems being tested, but evaluating its potential effects).

It is carried out by Ethical Hackers with in-depth knowledge of systems and protocols.

Although the Vulnerability Assessment often seems like a sufficient verification, it is only through the Penetration Test that the company's real degree of exposure to cyber attacks can be assessed, along with the data and systems that a criminal could reach once access is obtained.

It is essential to carry out both checks and to rely on long-time Cyber Security experts who will be able to ensure high reliability while conducting effective tests.


The Code Review is the verification of the code used to write software applications and websites, searching for vulnerabilities and quality issues that could be exploited to breach these systems or that could in any case affect their correct functioning.

The code review is performed to find defects, incorrect or dangerous functionality and any presence of malware, but also to improve the quality and performance of the software and to verify compatibility with security standards.

It is very important that this activity is carried out by different personnel than the author or authors of the code being tested, and that the person running it has an excellent knowledge of systems and programming languages.

Often ignored among the checks of IT systems, the Code Review activity should instead be mandatory in particular in the presence of critical software, applications (including mobile ones) that process sensitive data and e-commerce portals.

It is good practice to perform code reviews before applications and sites are put into operation, in order to mitigate any problems found.

But it is also important to repeat the check periodically to ensure that there are no new defects (such as malware injected into the code).

Good job!






With the European Cybersecurity Month (ECSM), the European Union promotes awareness of threats and the culture of security among citizens. Exprivia, an international group specialized in Information and Communication Technology with a strong presence in Southern Italy, participates in the campaign by organizing the Apulia CyberSecurity Forum, placing the human factor and training at the center of its event.

In fact, we are all worried about software and hardware vulnerabilities, but the human element is the vulnerability that is most often used by attackers.

The event is in its second edition and will once again be streamed on November 9-10-11-12, 2021.

During the four days, it will be possible to hear the experiences of industry specialists who will discuss security as intrinsic value, regulations, IoT, AI, zero trust and threat intelligence.

Within the agenda of the CyberSecurity Forum, during the second day, Wednesday 10 November 2021 (at 3:30 PM Italian time), there will be a double interview with our CEO Sofia Scozzari and her husband, Andrea Zapparoli Manzoni, Director of Crowdfense, a UAE-based company that deals with Vulnerability Research Management.

Both well known and active for over fifteen years in the world of Cyber Security, they will tell us about their experiences, starting from how their marriage has survived such a particular profession.

Thanks to the interview by Domenico Raguseo, Head of Digital Factory CyberSecurity Exprivia, various topics will also be explored including the present and future of Cybercrime and Cyber Security, to understand their trends, but also to anticipate the next evolutions.

Operating in two completely different sectors of Cyber Security, Andrea and Sofia can offer a different but complementary vision of this complex area.

Without forgetting the importance of the human factor, especially in the presence of cyber attacks that increase year by year, both in terms of the frequency and the criticality and complexity of criminal operations.

As Sofia likes to repeat, when we talk about cyber attacks we must in fact consider ourselves as if we were walking in a hive: sooner or later it is inevitable to be stung.

It is important to be aware of this and to be well prepared.

Don’t miss the double interview!






The week that has just begun promises to be full of unmissable events.

It starts on Tuesday 26 October 2021 with:


With WOMEN FOR SECURITY we will take part in this event within the INTERNET FESTIVAL (IF2021) and address the topic: who is an Ethical Hacker, why their role is so important and what the other roles in Cyber Security are.

The session aims to explain this starting from a live demo of a cyber attack by an Ethical Hacker, to show how cyber criminals manage to breach systems.

The demo will show how cyber criminals manage to gain access to victims’ systems and how it is possible to take control of a device through simple social engineering techniques and a few technical “tips and tricks”.

We will then look in depth at how a Phishing attack works, why it is used so frequently by cyber criminals and which techniques give it such a high success rate.

This will be followed by a round table in which, in addition to our founder Sofia Scozzari, Samanta Fumagalli and Carmen Palumbo will also take part. Hot topics will be the spread of Cybercrime and the experiences and roles of Cyber Security, which are also involved daily in non-technical areas such as Legal, Marketing and Sales.

The target audience of the online event is young people aged 14-18.

We currently have 17 high school classes registered for the event.

The expected attendance is therefore about 250 students (some connected individually, others as classes connected as a single User, using the interactive whiteboard (LIM) in the classroom).

On Wednesday 27 October 2021 at 6 PM Italian time, Sofia Scozzari will take part in Extraordy’s GeekTalk to talk about “La Donna nell’IT” (“Women in IT”).

In 2019 women represented 20% of the global Cyber Security workforce (they were 11% in 2013).

It seems that by 2021 we will reach 25%.

In Italy, only 14% of employees in ICT are women. The EU average is 17%, and has unfortunately been declining for 10 years.

A 2020 American study, on the other hand, shows that women make up 29% of the IT workforce, up from previous years (they were 26% in 2019).

So, at least globally, the situation is improving, but we are still far from the numbers we would expect.

Yet the availability of positions in the IT sector is known to everyone.

The unemployment rate in Cyber Security has been 0% since 2011.

From 2013 to 2021, Cyber positions grew by 350%, and 3.5 million vacant jobs are forecast in the Information Security sector globally (there were 1 million in 2014).

Why, despite these premises, women in IT and Cyber continue to be in the minority is a mystery.

There is no physical impediment or any gender selection.

On the contrary, women, with their unique characteristics, are naturally endowed with soft skills that are very useful in IT.

The problem perhaps lies in education, as women exclude themselves from technical positions, firmly (and wrongly) convinced that they do not have the aptitude for them.

In my opinion, it is precisely on education that the most radical interventions should be planned, offering STEM activities to girls from a very young age and also intervening on toys: less Barbie and more Lego!

In short, IT is not a job just for Nerds!

Enjoy listening and watching, everyone, don’t miss it!
