Skip to content


Penetration Testing

Find IT security gaps that other tests miss with active vulnerability hunting, led by Cybersecurity Analysts who've helped keep the Ministry of Defence secure for over 30 years

They trust boxxe 

Protas logo
Office for Environmental Protection logo
Carlisle City Council logo
Royal Armouries logo

Penetration testing - What you get

CREST accredited PenTesters


A quality service you can trust.  Why?  Our CREST accredited service was independently audited to confirm our quality PenTesting processes; our compliance with ISO27001 and ISO9001 standards; and the high standards we use to keep your data safe. 

6 categories of PenTest


Choose from six expert penetration test areas:  Infrastructure, Web Applications, Social Engineering, VPN configuration, Firewall and Network Security.

Live vulnerability report


Every penetration test includes free access to SecurePortal*, a live dashboard that reveals vulnerability data as it's discovered.  The result?  Remediate at a second’s notice, and cut immediately any risk of your data being exploited

* Powered by Pentest People

- The 6 Steps in our Penetration Test -

Delivered in partnership with Pentest People - our joint CREST, Check and NCSC-accredited expertise, and pioneering SecurePortal platform, make our joint service one of the most comprehensive, affordable and qualitative Penetration Tests available today.

Here's how we do it ...


We start by setting the parameters for the project. Once agreed, Pentest People use their SecurePortal to share scoping documents and securely communicate project updates as the penetration test gears up to launch.


Using the public domain, search engines and public records - we'll collect collect information about your organisation and network.  In the case of an internal assessment, we'll also investigate your wired and wireless networks for network protocol information, addressing details, and user credentials.

Next, we'll look for active hosts and any open ports to see what services are running, and the host operating system.


First, we'll check your operating system and services for known vulnerabilities and  privileged access levels that can be achieved. Don't worry, we don't run check's that'll affect services (but they can be can be included by request).

We'll attempt to access any services we find that require a username and password with the default password, and also commonly used username and password combinations. 


Next, we present you with an executive summary of our findings and a more detailed report.  We include:

  • Key findings
  • Top ten remedial action recommendations
  • A table of hosts, including open ports identified, services available on those ports, identified vulnerabilities and remediation advice.
  • All identified vulnerabilities, categorised by severity level.
Separate sections are included for any additional advanced assessments carried out, which are cross-referenced to applicable host assessment data.


Your executive summary and full report are are uploaded to the secure document area of Pentest People's SecurePortal.  Next, we'll schedule a de-brief meeting.

Here, we'll discuss any major issues arising from the assessment and answer any questions you have.


We don't just find problems - we're a full service security service provider. If any security gaps have you stumped, we can provide the expertise, hardware, software or managed services to fix them for you.

It's completely optional, but the extra support is there if you need it. 

Why boxxe?

Fix any issues found


Who wants to be left with a list of issues they can't fix?  We can fix any vulnerabilities that leave you stumped.  From hardware and software provision, managed services to consultancy - you've got support for plugging any security gaps.

Become Ministry of Defence-level secure


We can help you become as secure as the Ministry of Defence - a cyber defence titan who we've supported for 30+ years.


What happens when you try hacking a security expert?

Someone tried hacking boxxe last June ...

We hate to say it, but if people are trying to hack cybersecurity experts like us - they're definitely trying to hack you.  The difference?  Well, find out how it went for our would-be hackers.

(spoiler:  not well)

Our clients love us

Your pain?  We understand.

That's why we do what we do, and can provide you with a service like no other.

“I know that no matter what the challenge might be, I can go to boxxe and say, ‘I’ve got this issue here.  What are your thoughts about it?’ and get a solid answer back.  I’ve never had to go back and question them.”

John Allan , IT Team Manager, Clackmannanshire Council

"Working with boxxe has been a fantastic experience, they saw my vision and brought it to life, adding their own innovative and forward-thinking ideas.  It’s paved the way to Thirteen Group being Microsoft-first in our future developments."

Jayne Allport , Head of Service, Systems & Application Improvement, Thirteen Group

“We have had excellent support from boxxe for many years.  All the work done has been in accordance with MOD requirement, hence ensuring we maintain the required accreditations for MoD Contracts.”

Julian Floyd , Systems and IT Manager, Enterprise Control Systems Ltd

“boxxe has been responsive, open and collaborative.  The management of projects has been very good, with flexibility and agility.  We really get the impression that the core OEP teams in boxxe really care about delivering a good service to us.”

Abbey Law , Senior IT and Digital Officer, The Office for Environment Protection


Frequently asked questions


1.  Are testers CHECK and/or CREST certified?

Your tester will have both certifications.  That means you can be confident that the knowledge, skills and competence of the professional delivering your penetration test are at the highest standards, as confirmed by external experts. 

Interested in finding out more about the benefits of Penetration Testing?

To start finding IT security gaps that other tests miss, call us on the number below or fill in the form and we will be in touch.

0330 236 9429

I would like to receive news and updates:

Penetration Testing

Need more information?  Read our Service Overview


See more about how our Security Analysts can find vulnerabilities and immediately cut any risk of your data being exploited.

Cybersecurity services you can rely on

We've built our reputation on providing world leading IT security services for the past 30 years. Explore our cybersecurity services below and see how we can support your business

Managed Threat Detection and Response

Managed threat detection responds to and counters cybersecurity risks, ensuring proactive protection and rapid incident resolution.


Penetration Testing

Adopt a programme of testing, remediation and management to combat your ever-changing security risks


Managed Endpoint Protection

Complete protection for all your endpoints with boxxe, including desktops (all major operating systems), laptops, servers, tablets, smartphones


Secure Content Delivery Service

Protect your organisation from malicious attacks, website spoofing and corrupt files


Security Solution Deployment

Protect your organisation from malicious attacks, website spoofing and corrupt files with our deep understanding of cybersecurity in all aspects of solution deployment and the whole development lifecycle


Vulnerability Management, Detection & Response

We identify your exposure to security vulnerabilities, safeguard your IT infrastructure and relieve the workload on your IT teams


Digital Forensics & Incident Response

With a full and detailed picture of security incidents, get your business back up and running while identifying and closing security vulnerabilities


Managed Firewall

We monitor, manage and maintain your firewalls, freeing up your time to concentrate on higher-value priorities to help your business thrive


Managed Email Gateway

Protect your business network from advanced threats and known risks, using security controls to manage information flowing in and out of your organisation


Browse through our case studies

Read Cybersecurity Case Studies to the right, or access all boxxe Case Studies below

View all case studies

Our tech capabilities are here to accelerate your success

We provide 360 support across all business needs, from services and solutions to a huge range of products to keep your business running efficiently. Explore our technology capabilities below and get in touch to see how we can be of help.

Hybrid Cloud

Our services and consultancy helps your organisation with the implementation of complex hybrid cloud solutions


boxxe has a proud legacy and proven track record in providing military-level cybersecurity solutions for businesses

Modern Workplace

Our modern workplace services and solutions help you to get the best from your people, no matter where they are

Software Licensing & Services

Our extensive knowledge of licensing and software means we can help any business, big or small

Hardware Services

We believe that the management and services for hardware are key to any business. We have the expertise to support and ensure your busin...


Our services will help your organisation with the implementation of complex hybrid cloud solutions

Create a business account and start shopping top-brand tech

Create a business account and instantly start shopping confidently with self-serve features designed for businesses and access to a dedicated account team when you need it. Register now.

Register now