Penetration Testing, powered by Pentest People

Find IT security gaps that other tests miss

Active vulnerability hunting, led by cybersecurity analysts that've helped keep the Ministry of Defence secure for over 30 years.

Untitled design (33)-min

Penetration testing - what you get

CREST accredited PenTesters

A quality service you can trust. Why? Our CREST accredited service was independently audited to confirm our quality PenTesting processes; our compliance with ISO27001 and ISO9001 standards; and the high standards we use to keep your data safe.

6 categories of PenTest

Choose from six expert penetration test areas: Infrastructure, Web Applications, Social Engineering, VPN configuration, Firewall and Network Security.

Live vulnerability report

Every penetration test includes free access to SecurePortal*, a live dashboard that reveals vulnerability data as it's discovered. The result? Remediate at a second’s notice, and cut any risk of your data being exploited immediately 💪_ *Powered by Pentest People

The six steps of our Penetration Test

Delivered in partnership with Pentest People - our joint CREST, CHECK and NCSC-accredited expertise, 30 years experience in helping keep the Ministry of Defence secure and pioneering SecurePortal platform make our joint service is one of the most comprehensive, affordable and quality Penetration Tests available in the UK today.

Here's how we do it.

  • Scoping

  • Recon

  • Assessment

  • Reporting

  • Presentation

  • Remediation

We start by setting the parameters for the project. Once agreed, Pentest People use their SecurePortal to share scoping documents and securely communicate project updates as the penetration test gears up to launch.

Using the public domain, search engines and public records - we'll collect collect information about your organisation and  network. In the case of an internal assessment, we'll also investigate your wired and wireless networks for network protocol information, addressing details, and user credentials.

Next, we'll look for active hosts and any open ports to see what services are running, and the host operating system.

First, we'll check your operating system and services for known vulnerabilities and  privileged access levels that can be achieved. Don't worry, we don't run check's that'll affect services (but they can be can be included by request).

We'll attempt to access any services we find that require a username and password with the default password, and also commonly used username and password combinations. 

Next, we present you with an executive summary of our findings and a more detailed report.

We include:

  • key findings
  • top ten remedial action recommendations
  • A table of hosts, including open ports identified, services available on those ports, identified vulnerabilities and remediation advice.
  • All identified vulnerabilities, categorised by severity level.

Separate sections are included for any additional advanced assessments carried out, which are cross-referenced to applicable host assessment data.

Your executive summary and full report are are uploaded to the secure document area of Pentest People's SecurePortal. Next, we'll schedule a de-brief meeting.

Here, we'll discuss any major issues arising from the assessment and answer any questions you have.

We don't just find problems - we're a full service security service provider. If any security gaps have you stumped, we can provide the expertise, hardware, software or managed services to fix them for you. 

It's completely optional, but the extra support is there if you need it. 

Why boxxe?

Plug security gaps with optional affordable solutions

Who wants to be left with a list of issues they can't fix? From hardware and software provision to managed services and consultancy - we can help you plug any security gaps we find.

Market-leading security expertise

We've supported the Ministry of Defence's cybersecurity for over 30 years - so you can be confident that your cybersecurity is safe with us.

Our security clients

Expertise in action

What happens when you try hacking a security specialist?

boxxe managed threat detection and response team

Someone tried hacking boxxe last June, bless them.

We hate to say it, but if people are trying to hack cybersecurity experts like us - they're definitely trying to hack you. The difference? Well, find out how it went for our would-be hackers.

(spoiler: not well)

Read the story

Our clients love us

Your pain? We understand. That's is why we do what we do, and can provide you with a service like no other.

"I know that no matter what the challenge might be, I can go to boxxe and say 'I've got this issue here. What are your thoughts about it?" and get a solid answer back - I've never had to go back and question them."

“Working with boxxe has been a fantastic experience, they saw my vision and brought it to life, adding their own innovative and forward thinking ideas. It’s paved the way to Thirteen Group being Microsoft-first in our future developments.”

“We have had excellent support from boxxe for many years, all the work done has been in accordance with MOD requirement hence ensuring we maintain the required accreditations for MOD Contracts.”

The nitty gritty

Frequently asked questions

Are testers CHECK and/or CREST certified?

Your tester will have both certifications. That means you can be confident that the knowledge, skills and competence of the professional delivering your penetration test are at the highest standards, as confirmed by external experts. 

google-site-verification: google4fc050a79b