Penetration Testing, Ptaas, Intrusion & Security Pentest Services

Home
Services & Solutions
Cybersecurity
Penetration Testing

Your company account is blocked and you cannot place orders. If you have questions, please contact your company administrator.

Find your cybersecurity gaps before attackers do

How confident are you that your defences are impenetrable?

There are cybersecurity vulnerabilities within every organisation. And there's no shortage of cybercriminals seeking to exploit them, either. Relentlessly scanning your digital infrastructure for the weakest entry point, it's only a matter of time before they find a way in.

With data breaches making headlines and regulatory bodies imposing stringent fines for non-compliance, the stakes have never been higher. A single security lapse can lead to huge payouts, reputational damage and even legal action.

Our penetration testing service identifies the vulnerabilities in your system by simulating real-world attacks, using the same cutting-edge techniques that hackers would. Armed with these insights, you can fix the issues and fortify your defences – or we can do it for you.

"Cybercriminals are constantly developing new, sophisticated methods of attack. For example, AI is being used to scale up existing techniques like ransomware and phishing. Traditional security measures and a reactive approach simply aren't enough to stay safe anymore."

Andy Batty , Security Sales Specialist, boxxe

How boxxe's penetration testing services can help

Accredited and licensed penetration testers

Delivered in partnership with Pentest People, our service delivers CREST and CHECK-accredited expertise in compliance with ISO27001 and ISO9001 standards. You can rest assured you're getting the highest standards of penetration testing.

Comprehensive penetration testing

With six different pen test focus areas available – including Infrastructure, Web Applications, Social Engineering, VPN configuration, Firewall and Network Security – you have the option to cover all bases or just the ones you need the most help with.

Live vulnerability report

Every penetration test includes free access to SecurePortal*, a live dashboard that reveals vulnerability data as it's discovered. The result? Remediate at a second’s notice and eliminate any risk of your data being exploited.

* Powered by Pentest People

Optional remediation

Who wants to be left with a list of issues they can't fix? We can remediate any vulnerabilities that leave you puzzled. Whether you need hardware and software provision, managed services or consultancy, you've got support for plugging any security gaps.

They trust boxxe

How our penetration testing process works

Delivered in partnership with Pentest People - our joint CREST, Check and NCSC-accredited expertise, and pioneering SecurePortal platform, make our joint service one of the most comprehensive, affordable and qualitative Penetration Tests available today.

Here's how we do it...

Scoping

This process begins by setting the parameters for the project. Once agreed, Pentest People use their SecurePortal to share scoping documents and securely communicate project updates as the pen test gears up to launch.

Recon

We'll collect information about your organisation and network using the public domain, search engines and public records. In the case of an internal assessment, we'll also investigate your wired and wireless networks for network protocol information, addressing details, and user credentials.

Next, we'll look for active hosts and any open ports to see what services are running, and the host operating system.

Assessment

First, we'll check your operating system and services for known vulnerabilities and privileged access levels that can be achieved. Don't worry, we don't run checks that affect services - but we can include these on request.

We'll attempt to access any services we find that require a username and password with the default credentials and also commonly used username and password combinations.

Reporting

Next, we present you with an executive summary of our findings and a more detailed report. This includes:

Key findings
Top ten remedial action recommendations
A table of hosts, including open ports identified, services available on those ports, identified vulnerabilities and remediation advice.
All identified vulnerabilities, categorised by severity level.

Separate sections are included for any additional advanced assessments, which are cross-referenced to applicable host assessment data.

Why choose boxxe as your pen testing partner?

After more than 35 years of delivering world-leading cybersecurity services like penetration testing, we've learned a thing or two about how to combat ever-changing security risks.

Bespoke service: No two organisations are the same. That's why our team takes the time to understand the challenges you face and create a tailored approach that best serves you.
Vast experience: We've partnered with a wide range of private and public sector customers, including the Ministry of Defence, so we have the know-how to help your organisation achieve military-grade levels of security.
Innovative partners: Our partnerships with leading brands like Pentest People allow us to offer you cutting-edge solutions like the SecurePortal dashboard.
Exceptional results: Our passion and expertise have helped us delight our clients time and again – and we'd love to do the same for you.

Our customers love us

Technology is our tool, but people are the driving force of what we do. The meaningful relationships we build with our clients help us provide a service like no other.

"Working with boxxe has been a fantastic experience, they saw my vision and brought it to life, adding their own innovative and forward-thinking ideas. It’s paved the way to Thirteen Group being Microsoft-first in our future developments."

Jayne Allport , Head of Service, Systems & Application Improvement, Thirteen Group

“We received an excellent service from boxxe and greatly appreciated their flexibility in helping us achieve our aims for this project in a very limited time frame before the submarines went back out to sea. We have an additional four submarines which will require Flagstone installations during the next 12 months and fully intend to return for boxxe to do this for us.”

Mark Anthony , Network and Communications Manager, Tomahawk Strike

“Verisec has for several years aided UK municipalities with secure logins and solutions. The opportunity to contribute to the University’s digitisation is a great success for us. The new agreement became a reality by the assistance of one of our British partners. We look forward to being able to attract more universities and institutions in the public sector, in both the UK and other countries, in the future.”

Johan Henrikson , CEO, Verisec

"This go-live is a critical step in delivering business technology that is more user-centic and allows the Home Office to continually evolve."

Jill Hatcher , Chief People Officer, The Home Office

“We have had excellent support from boxxe for many years. All the work done has been in accordance with MOD requirement, hence ensuring we maintain the required accreditations for MoD Contracts.”

Julian Floyd , Systems and IT Manager, Enterprise Control Systems Ltd

“Our customers require cyber experts that can help them achieve better security outcomes, protecting them from today’s sophisticated threats. Our Platinum Innovator NextWave partners have deep Palo Alto Networks expertise to help solve complex security challenges with robust solutions and services. As a NextWave Platinum Innovator, boxxe is helping redefine what it means to be secure.”

Patricia Murphy , VP EMEA & LATAM Ecosystems at Palo Alto Networks

Jayne Allport , Head of Service, Systems & Application Improvement, Thirteen Group

Mark Anthony , Network and Communications Manager, Tomahawk Strike

Johan Henrikson , CEO, Verisec

"This go-live is a critical step in delivering business technology that is more user-centic and allows the Home Office to continually evolve."

Jill Hatcher , Chief People Officer, The Home Office

Julian Floyd , Systems and IT Manager, Enterprise Control Systems Ltd

Patricia Murphy , VP EMEA & LATAM Ecosystems at Palo Alto Networks

Jayne Allport , Head of Service, Systems & Application Improvement, Thirteen Group

Penetration testing FAQs

What is a penetration test?

Penetration testing is a form of ethical hacking that simulates cyberattacks to find weaknesses in your cybersecurity systems. Our licensed penetration testers use the latest techniques to identify:

Gaps that criminals could use to gain access to your systems
The different ways hackers exploit them
How well your existing defences would cope under attack
The potential impact of a breach

The outcome is an accurate evaluation of your security posture and a priority list of vulnerabilities you can fix before criminals take advantage.

What are the benefits of penetration testing?

There are many crucial benefits of regular pen testing for your business, including:

Preventing cyberattacks: Penetration testing proactively uncovers gaps in your security systems so you can remediate them before criminals exploit them.
Reducing costs: Data breaches can result in remediation, legal fees, loss in sales and non-compliance penalties. According to the latest Cybersecurity Breaches Survey from the Department for Science, Innovation & Technology, the most disruptive cybersecurity breaches cost medium or large businesses more than £10,000 on average.
Ensuring compliance: Consistent pen tests help you address the security obligations that are mandated in industry standards and regulations while demonstrating due diligence to clients and suppliers.

How long does a pen test take?

The length of time it takes to complete a penetration test depends on a variety of factors such as the scope of the test and the size of your organisation's network and infrastructure. If you'd like to get a more accurate estimate of how long a pen test could take, feel free to get in touch with our experts so we can discuss your requirements.

Will a penetration test affect business operations?

We follow the strictest standards while conducting our pen tests to ensure that they don't disrupt your business operations. However, we can include checks that affect services if you request them.

How much does penetration testing cost?

The cost of our penetration testing services depends on different factors, including but not limited to the scope and complexity of the environment you need testing and whether you want us to fix any issues the pen test identifies.

If you’d like a more accurate estimate of how much penetration testing could cost for your organisation, get in touch with our team and help us understand your organisation's specific circumstances.

Get in touch about pen testing

Ready to keep your organisation safe with our penetration testing services?

To start finding IT security gaps that other tests miss, call us on the number below or fill in the form and we will be in touch.

0330 236 9429

First name

Last name

Email address

Company name

Sector

Message (optional)

I would like to receive news and updates:

by email

by SMS

EXPERTISE IN ACTION

What happens when you try hacking a security expert?

Someone tried hacking boxxe last June...

We hate to say it, but if people are trying to hack cybersecurity experts like us - they're definitely trying to hack you. The difference? Well, find out how it went for our would-be hackers.

(Spoiler: Not well)

Find out

What we use your personal data for	Our reasons
Creating and managing your account with us	To perform our contract with you or to take steps at your request before entering into a contract
Providing products and/or services to you	To perform our contract with you or to take steps at your request before entering into a contract
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us	To comply with our legal and regulatory obligations
Enforcing legal rights or defend or undertake legal proceedings	Depending on the circumstances: — to comply with our legal and regulatory obligations — in other cases, for our legitimate interests, i.e. to protect our business, interests and rights
Customising our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website	Depending on the circumstances: — your consent as gathered e.g., by the separate cookies tool on our website—see ‘Cookies and other tracking technologies’ below — where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent, you may withdraw it at any time by changing the setting on the cookies tool (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended	Depending on the circumstances: — your consent as gathered by the separate cookies tool on our website]—see ‘Cookies and other tracking technologies’ below — where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent you may withdraw it at any time by clearing your cookie settings and rejecting when you revisit our website (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn)
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products AND/OR services or other important notices	Depending on the circumstances: — to comply with our legal and regulatory obligations — in other cases, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price
Protecting the security of systems and data used to provide the services	To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Statistical analysis to help us understand our customer base	For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price
Updating and enhancing customer records	Depending on the circumstances: — to perform our contract with you or to take steps at your request before entering into a contract — to comply with our legal and regulatory obligations — where neither of the above apply, for our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new products
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant	To comply with our legal and regulatory obligations
Marketing our services to existing and former customers	For our legitimate interests, i.e., to promote our business to existing and former customers. See Marketing below for further information
The audit of our ISO certifications (to the extent not covered by ‘activities necessary to comply with legal and regulatory obligations’ above)	For our legitimate interests, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary	Depending on the circumstances: — to comply with our legal and regulatory obligations — in other cases, for our legitimate interests, i.e., to protect, realise or grow the value in our business and assets

Recipient	Processing operation (use) by recipient	Relevant categories of personal data transferred to recipient
Google	We use Google Analytics (GA4) cookies to collect data about the visitors to the site which includes the number of visitors, session duration, pages visited during the session etc. and whether visitors return. Google Analytics will assign a unique “ID” to a user of the boxxe website at the point they register an account with us for the purpose of tracking their activity on the boxxe website. This information is anonymous and cannot be used to identify you personally unless you end up becoming a boxxe customer. Google Analytics cannot use the ID to work out who you are.	Device’s IP address (processed during your session and stored in a de-identified form) geographic location (country only), and the preferred language used to display our website. Google Analytics stores this information on our behalf in a pseudonymized user profile.
Hotjar Ltd	We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. Hotjar is contractually forbidden to sell any of the data collected on our behalf.	This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.
Dotdigital	Dotdigital is a SaaS cross-channel marketing automation platform and services provider that helps brands devise successful, personalized marketing campaigns across multiple channels (e.g. email). Paired with its Microsoft Dynamics 365 CRM integration, boxxe is able to deliver tailored marketing to its customers.	Contact data (such as email address, contact number, name or other contact details), marketing preferences, IP address and usage information (including online navigation data, location data and browser data).
Darktrace	Darktrace’s Security Platform enhances boxxe’s cybersecurity position by providing endpoint protection, cloud security, and email security. Darktrace uses AI-driven tools to detect and respond to potential threats, such as malware, phishing attacks, and insider threats, by continuously monitoring network traffic, user behaviour, and cloud-based resources. It aims to prevent data breaches and minimize cyber risks by identifying and mitigating security threats in real-time.	Contact data (name, email address, user name), devide identifiers (e.g. IP address) and/or mobile identifiers, location data to nearest city, usage information (including tracking or browsing behavior).
Greenhouse	Greenhouse ATS is a cloud-based software that helps companies manage their recruitment processes. It organizes and tracks job applications, resumes, and candidate information. Greenhouse ATS collects applications and stores data about the applicants, such as which source they came from, which role they applied to and where they are in the application process. Greenhouse ATS features applicant tracking, background screening, interview scheduling, and onboarding.	Contact details (name, email address, home address, telephone number) and any special accommodations needed if successful for interview and employment.

Recipient country	Recipient	Processing operation (use) by recipient	Lawful safeguard
Ireland	Hotjar	Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.	Adequacy regulation further to paragraph 5(1)(a) of Part 3 of Schedule 21 to the Data Protection Act 2018 https://www.hotjar.com/legal/support/dpa/
USA	Stripe Inc	In order to facilitate online payments through boxxe’s ecommerce portal, where applicable, Stripe may Process Payment Account Details, bank account details, billing/shipping address, name, date/time/amount of transaction, device ID, email address, IP address/location, order ID, payment card details, tax ID/status, unique customer identifier, identity information including government issued documents (e.g., national IDs, driver’s licenses and passports).	UK Data Transfer Addendum https://stripe.com/gb/legal/dpa
EEA	Dotdigital	Boxxe will provide certain information about its customers to Dotdigital in order for it to be able to provide automated marketing services that are tailored to its specific customer interests.	Adequacy regulation further to paragraph 5(1)(a) of Part 3 of Schedule 21 to the Data Protection Act 2018. https://dotdigital.com/terms/data-processing-agreement/
Ireland/EEA/USA	Greenhouse	Data will primarily be stored at rest in Greenhouse’s Silos - EU-Central-1 (Frankfurt) and EU-West-1 (Ireland) for disaster recovery. Data will only be transferred to and from Greenhouse servers in the EU and the US for essential business activities, including technical support, sub-processor services, and others as outlined in the Greenhouse DPA (data processing agreement).	Legal – Data processing addendum \| Greenhouse

Access to a copy of your personal data	The right to be provided with a copy of your personal data
Correction (also known as rectification)	The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)	The right to require us to delete your personal data—in certain situations
Restriction of use	The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portability	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object to use	The right to object: at any time to your personal data being used for direct marketing (including profiling in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you We do not make any such decisions based on data collected by our website
The right to withdraw consents	If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time You may withdraw consents by emailing ecommerce@boxxe.com. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

Explore our bestselling computers

Explore our bestselling accessories

Latest Case Studies

Helpful Insights

Already a customer?

Already a customer?

Penetration Testing Services

Find and fix IT security gaps that other tests miss with active penetration testing (pen testing) led by Cybersecurity Analysts who've helped keep the Ministry of Defence secure for 30+ years.

Find your cybersecurity gaps before attackers do

How confident are you that your defences are impenetrable?

How boxxe's penetration testing services can help

Accredited and licensed penetration testers

Comprehensive penetration testing

Live vulnerability report

Optional remediation

They trust boxxe

How our penetration testing process works

Scoping

Why choose boxxe as your pen testing partner?

Our customers love us

Penetration testing FAQs

What is a penetration test?

What are the benefits of penetration testing?

How long does a pen test take?

Will a penetration test affect business operations?

How much does penetration testing cost?

Get in touch about pen testing

Ready to keep your organisation safe with our penetration testing services?

What happens when you try hacking a security expert?

Someone tried hacking boxxe last June...

For more reading, browse through our case studies

General

Types of data we collect

If you fail to provide personal data

How your personal data is collected

How and why we use your personal data

Marketing

Who we share your personal data with

Who we share your personal data with - in more detail

Overseas transfers and sharing personal data with sub-processors

Transferring your personal data out of the UK - in more detail

How long your personal data will be kept

Data Security

Cookies and other tracking technologies

Your Rights

Policy Changes

Contact Us