They trust boxxe
Penetration testing - What you get
CREST accredited PenTesters
A quality service you can trust. Why? Our CREST accredited service was independently audited to confirm our quality PenTesting processes; our compliance with ISO27001 and ISO9001 standards; and the high standards we use to keep your data safe.
6 categories of PenTest
Choose from six expert penetration test areas: Infrastructure, Web Applications, Social Engineering, VPN configuration, Firewall and Network Security.
Live vulnerability report
Every penetration test includes free access to SecurePortal*, a live dashboard that reveals vulnerability data as it's discovered. The result? Remediate at a second’s notice, and cut immediately any risk of your data being exploited
* Powered by Pentest People
- The 6 Steps in our Penetration Test -
Delivered in partnership with Pentest People - our joint CREST, Check and NCSC-accredited expertise, and pioneering SecurePortal platform, make our joint service one of the most comprehensive, affordable and qualitative Penetration Tests available today.
Here's how we do it ...
Scoping
We start by setting the parameters for the project. Once agreed, Pentest People use their SecurePortal to share scoping documents and securely communicate project updates as the penetration test gears up to launch.
Recon
Using the public domain, search engines and public records - we'll collect collect information about your organisation and network. In the case of an internal assessment, we'll also investigate your wired and wireless networks for network protocol information, addressing details, and user credentials.
Next, we'll look for active hosts and any open ports to see what services are running, and the host operating system.
Assessment
First, we'll check your operating system and services for known vulnerabilities and privileged access levels that can be achieved. Don't worry, we don't run check's that'll affect services (but they can be can be included by request).
We'll attempt to access any services we find that require a username and password with the default password, and also commonly used username and password combinations.
Reporting
Next, we present you with an executive summary of our findings and a more detailed report. We include:
- Key findings
- Top ten remedial action recommendations
- A table of hosts, including open ports identified, services available on those ports, identified vulnerabilities and remediation advice.
- All identified vulnerabilities, categorised by severity level.
Presentation
Your executive summary and full report are are uploaded to the secure document area of Pentest People's SecurePortal. Next, we'll schedule a de-brief meeting.
Here, we'll discuss any major issues arising from the assessment and answer any questions you have.
Remediation
We don't just find problems - we're a full service security service provider. If any security gaps have you stumped, we can provide the expertise, hardware, software or managed services to fix them for you.
It's completely optional, but the extra support is there if you need it.
Why boxxe?
Fix any issues found
Who wants to be left with a list of issues they can't fix? We can fix any vulnerabilities that leave you stumped. From hardware and software provision, managed services to consultancy - you've got support for plugging any security gaps.
Become Ministry of Defence-level secure
We can help you become as secure as the Ministry of Defence - a cyber defence titan who we've supported for 30+ years.
EXPERTISE IN ACTION
What happens when you try hacking a security expert?
Someone tried hacking boxxe last June ...
We hate to say it, but if people are trying to hack cybersecurity experts like us - they're definitely trying to hack you. The difference? Well, find out how it went for our would-be hackers.
(spoiler: not well)
Our clients love us
Your pain? We understand.
That's why we do what we do, and can provide you with a service like no other.
THE NITTY GRITTY
Frequently asked questions
1. Are testers CHECK and/or CREST certified?
Your tester will have both certifications. That means you can be confident that the knowledge, skills and competence of the professional delivering your penetration test are at the highest standards, as confirmed by external experts.
Penetration Testing
Need more information? Read our Service Overview
See more about how our Security Analysts can find vulnerabilities and immediately cut any risk of your data being exploited.