Skip to content

PENETRATION TESTING, POWERED BY PENTEST PEOPLE

Penetration Testing

 

Find IT security gaps that other tests miss with active vulnerability hunting led by Cybersecurity Analysts who've helped keep the Ministry of Defence secure for over 30 years

They trust boxxe 

Protas logo
Office for Environmental Protection logo
Carlisle City Council logo
Royal Armouries logo

Penetration testing - What you get

CREST accredited PenTesters

 

A quality service you can trust.  Why?  Our CREST accredited service was independently audited to confirm our quality PenTesting processes; our compliance with ISO27001 and ISO9001 standards; and the high standards we use to keep your data safe. 

6 categories of PenTest

 

Choose from six expert penetration test areas:  Infrastructure, Web Applications, Social Engineering, VPN configuration, Firewall and Network Security.

Live vulnerability report

 

Every penetration test includes free access to SecurePortal*, a live dashboard that reveals vulnerability data as it's discovered.  The result?  Remediate at a second’s notice, and cut immediately any risk of your data being exploited

* Powered by Pentest People

The 6 Steps in our Penetration Test

Delivered in partnership with Pentest People - our joint CREST, Check and NCSC-accredited expertise, and pioneering SecurePortal platform, make our joint service one of the most comprehensive, affordable and qualitative Penetration Tests available today.


Here's how we do it ...

Scoping

We start by setting the parameters for the project. Once agreed, Pentest People use their SecurePortal to share scoping documents and securely communicate project updates as the penetration test gears up to launch.

Recon

Using the public domain, search engines and public records - we'll collect collect information about your organisation and network.  In the case of an internal assessment, we'll also investigate your wired and wireless networks for network protocol information, addressing details, and user credentials.

Next, we'll look for active hosts and any open ports to see what services are running, and the host operating system.

Assessment

First, we'll check your operating system and services for known vulnerabilities and  privileged access levels that can be achieved. Don't worry, we don't run check's that'll affect services (but they can be can be included by request).

We'll attempt to access any services we find that require a username and password with the default password, and also commonly used username and password combinations. 

Reporting

Next, we present you with an executive summary of our findings and a more detailed report.  We include:

  • Key findings
  • Top ten remedial action recommendations
  • A table of hosts, including open ports identified, services available on those ports, identified vulnerabilities and remediation advice.
  • All identified vulnerabilities, categorised by severity level.
Separate sections are included for any additional advanced assessments carried out, which are cross-referenced to applicable host assessment data.

Presentation

Your executive summary and full report are are uploaded to the secure document area of Pentest People's SecurePortal.  Next, we'll schedule a de-brief meeting.

Here, we'll discuss any major issues arising from the assessment and answer any questions you have.

Remediation

We don't just find problems - we're a full service security service provider. If any security gaps have you stumped, we can provide the expertise, hardware, software or managed services to fix them for you.

It's completely optional, but the extra support is there if you need it. 

Why boxxe?

   Fix any issues found

Who wants to be left with a list of issues they can't fix?  We can fix any vulnerabilities that leave you stumped.  From hardware and software provision, managed services to consultancy - you've got support for plugging any security gaps.

   Become Ministry of Defence-level secure

We can help you become as secure as the Ministry of Defence - a cyber defence titan who we've supported for 30+ years.

 

Our clients love us

Your pain?  We understand.  That's why we do what we do, and can provide you with a service like no other.

“I know that no matter what the challenge might be, I can go to boxxe and say, ‘I’ve got this issue here.  What are your thoughts about it?’ and get a solid answer back.  I’ve never had to go back and question them.”

John Allan , IT Team Manager, Clackmannanshire Council

“We have had excellent support from boxxe for many years.  All the work done has been in accordance with MOD requirement, hence ensuring we maintain the required accreditations for MoD Contracts.”

Julian Floyd , Systems and IT Manager, Enterprise Control Systems Ltd

“boxxe has been responsive, open and collaborative.  The management of projects has been very good, with flexibility and agility.  We really get the impression that the core OEP teams in boxxe really care about delivering a good service to us.”

Abbey Law , Senior IT and Digital Officer, The Office for Environment Protection

"Working with boxxe has been a fantastic experience, they saw my vision and brought it to life, adding their own innovative and forward-thinking ideas.  It’s paved the way to Thirteen Group being Microsoft-first in our future developments."

Jayne Allport , Head of Service, Systems & Application Improvement, Thirteen Group

Get in touch

Interested in keeping your organisation safe with Pentesting?

To start finding IT security gaps that other tests miss, call us on the number below or fill in the form and we will be in touch.

 Your Specialist Tester is both CHECK and CREST certified
  Their knowledge, skills and competencies are of the highest standards, as confirmed by external experts

0330 236 9429

I would like to receive news and updates:

EXPERTISE IN ACTION

What happens when you try hacking a security expert?


Someone tried hacking boxxe last June...

We hate to say it, but if people are trying to hack cybersecurity experts like us - they're definitely trying to hack you.  The difference?  Well, find out how it went for our would-be hackers.

(Spoiler:  Not well)

For more reading, browse through our case studies

Browse Cybersecurity case studies to the right, or find all boxxe Case Studies below.

View all case studies