Who is Zenstores?
Zenstores is the next-gen shipping software powering fulfilment for thousands of UK brands, from fashion labels to breweries and has shipped over 200 million orders worldwide.
Zenstores integrates every step of the e-commerce delivery experience, from checkout to dispatch, automatically routing orders to the best carriers and giving teams full visibility, smarter decision-making, and seamless shipping at scale.
We had a chat with Robert Ashcroft, Co-Founder and CTO at Zenstores, to understand their experience using OnSecurity so far.
The Security Challenge
Zenstores’ platform integrates with numerous partners, from checkout systems and marketplaces to national and international carriers. That ecosystem meant the company needed to maintain robust data security, ensure partner compliance, and demonstrate trustworthiness at scale.
Alongside these partner requirements, Zenstores also adheres to strict data protection policies and has ambitions to pursue ISO certification in the future.
To meet these obligations and strengthen internal confidence in its web application, Zenstores sought a reliable, repeatable annual penetration testing process.
Why OnSecurity
When evaluating security vendors, Zenstores chose OnSecurity for two key reasons:
“First, OnSecurity is based in Bristol – same as us – and we liked the idea of supporting another local company,” says Ashcroft.
“Second, we liked that it wasn’t just a one-off test and a static report. The platform-based approach meant we could collaborate directly with pentesters and receive real-time updates via the dashboard. It felt intuitive and modern.”
This decision marked the start of a long-term partnership that has continued for more than 4 years.
The Solution
Zenstores uses OnSecurity for its annual web application penetration tests, cloud security audits, and web monitoring through OnSecurity’s threat intelligence feature.
“Outside of the penetration tests, we needed a web monitoring solution to track our domain and user data,” says Ashcroft. “We use your tool Radar for that, it’s been really good, and it’s at a great price point for what we needed.”
Collaboration with the Zenstores Team
Zenstores’ security and development teams are tightly integrated, meaning issues identified by OnSecurity are addressed collaboratively and efficiently.
“The security and dev teams wear many hats,” explains Ashcroft. “When we get comments back from your pentesters, I feed them directly into our management system, and we handle fixes from there. It’s straightforward and fits how we work.”
Actionable, Clear, and Trusted Reporting
Zenstores found the clarity and depth of OnSecurity’s findings to be one of the platform’s biggest strengths.
“That’s one of your standout things – when someone finds an improvement, they go into a lot of detail about how to mitigate it and how to fix it. That’s super useful,” says Ashcroft.
Previously, Zenstores primarily used automated scanning tools that produced a high rate of false positives – for example, flagging harmless JavaScript libraries. OnSecurity’s human-led testing eliminated much of that noise and provided contextual guidance.
“With traditional automated scanners, we’d get alerts that didn’t apply to our setup. With OnSecurity, we were able to discuss a flagged cloud logging issue directly with the tester, explain our usage, and resolve it quickly. That kind of dialogue just doesn’t happen with traditional vendors.”
OnSecurity Platform Experience
Zenstores makes direct use of the OnSecurity platform for managing reports, findings, and communication.
“To be honest, I just get the emails from OnSecurity and log into the portal – and that’s all I really need. The interface is intuitive and the communication is clear,” says Ashcroft.
Although Zenstores doesn’t yet use deeper integrations such as Jira or Slack, the team appreciates the platform’s ease of access and transparency.
Measurable Value
While Zenstores hasn’t quantified specific time or cost savings, Ashcroft highlights that the pricing and efficiency are excellent.
“It’s a good price for the level of detail and responsiveness we get,” he says. “I haven’t done the analysis, but I know it saves us a lot of stress and time.”
When It Mattered Most
One standout moment in the partnership came during a recent urgent compliance request from one of Zenstores’ partners.
“We had a tight deadline to meet a partner request in delivering a pentest report,” says Ashcroft.
“Cameron and Dan from OnSecurity jumped on it immediately, and OnSecurity completed a full cloud audit in just two days. They really saved our bacon – it could have affected what data we were allowed to receive from that partner.”
The Results
✅ Ongoing compliance with partner data policies
✅ Reliable annual web app penetration testing
✅ Continuous web monitoring
✅ Fewer false positives and clearer vulnerability remediation
✅ Rapid turnaround in urgent partner audit requests
Would Zenstores Recommend OnSecurity?
“Yes, definitely. The responsiveness, the quality of reports, and how quickly the team steps up when you’re in a pinch – it’s been fantastic,” says Ashcroft.
“Having a platform where there’s back and forth during the test is incredibly useful. The findings the team flags are always really well explained,” concludes Ashcroft.
Start your security partnership with OnSecurity today and guarantee simplified management and delivery of your pentesting. Get an instant quote now!
