What is included in a penetration testing report?

Our reports include a summary of identified vulnerabilities, their severity levels (using CVSS), proof-of-concept evidence, and prioritized remediation recommendations to help you strengthen your security posture.

Does Baltic Amadeus offer Automotive security testing?

Yes, we specialize in automotive testing, assessing vehicle systems to identify low-level security weaknesses and enhance overall hardware and software protection.

What is Threat-Led Penetration Testing?

Threat-Led Penetration Testing involves simulated, targeted attacks based on the actual tactics and techniques used by threat actors, specifically designed to evaluate your organization's resilience and response capabilities.

Penetration Testing

Our Penetration Testing Offers

Internal & external network

Assessment of your internal and external network security to identify weaknesses and improve overall protection.

Internal network testing.

VPN and remote access testing.

Deliverables:

Report highlighting confirmed internal and external vulnerabilities with prioritised remediation recommendations.

Request this service

Wireless network

Evaluation of your wireless network security to uncover vulnerabilities and ensure safe connectivity.

WiFi security testing.

Rogue AP detection.

WPA2/WPA3 assessment.

Deliverables:

Report detailing identified wireless vulnerabilities and recommended secure configurations.

Request this service

Web & mobile app testing

Assessment of web and mobile applications to identify security risks and strengthen app-layer protection.

OWASP Top 10 security risks.

Authentication and session security.

Authorisation and privilege escalation.

API security testing.

Deliverables:

Report validating app-layer vulnerabilities with recommendations for remediation and API hardening.

Request this service

IoT devices

Assessment of IoT devices to uncover security weaknesses and improve device protection.

Firmware analysis.

IoT interface and protocol testing.

Device authentication and access control review.

Deliverables:

Report identifying IoT-specific vulnerabilities with guidance on secure configuration and patching.

Request this service

Hardware & device

Assessment of hardware and devices to identify low-level security weaknesses and strengthen device protection.

Firmware reverse engineering.

Debug interface testing.

Device exploitation attempts.

Deliverables:

Report detailing discovered hardware-level vulnerabilities with recommendations for hardware security architecture.

Request this service

Physical perimeter

Assessment of physical security measures to identify vulnerabilities and enhance facility protection.

Unauthorised entry simulation.

Tailgating and badge cloning attempts.

Facility access control testing.

Deliverables:

Report highlighting identified physical security gaps with recommended measures to strengthen facility access.

Request this service

Social engineering

Assessment of human factors in security to identify risks and improve organisational awareness.

Phishing simulation campaigns.

Vishing.

Physical intrusion.

Smishing.

Deliverables:

Report providing employee awareness insights with recommendations for training and policy updates.

Request this service

Automotive testing

Assessment of automotive systems to identify vulnerabilities and enhance vehicle security.

CAN bus testing.

Telematics system security review.

Infotainment and firmware vulnerability testing.

Deliverables:

Report detailing confirmed automotive vulnerabilities with guidance for secure integration and hardening.

Request this service

Threat-led penetration testing

Simulated, targeted attacks to evaluate organisational resilience and improve threat response.

Red teaming.

Purple teaming.

Deliverables:

Regulatory-compliant TLPT report including DORA compliance findings.

Request this service

SOC service provider effectiveness testing

Controlled simulations and use-case validation to assess the SOC’s ability to detect, analyse, escalate, and respond to realistic threats.

Purple team exercises for SOC detection and response.

Validation of alerting, triage, escalation, and incident handling.

Testing SIEM, SOAR, and threat-detection use cases.

Deliverables:

Regulatory-aligned SOC effectiveness report highlighting detection gaps, response weaknesses, and operational resilience findings.

Request this service

Our Penetration Testing Process

Scoping & threat modelling

We define the scope, identify potential threats, and set a tailored cyber security penetration testing plan.

Intelligence gathering

We gather information about the target through reconnaissance and enumeration to identify potential vulnerabilities.

Vulnerability analysis

We identify vulnerabilities by analysing configuration weaknesses, validating exposures, and benchmarking against industry standards (NIST CSF 2.0, OWASP Top 10).

04

Exploitation

We simulate real‑world attacks using the PTES methodology, including privilege escalation, to confirm which risks can be exploited in practice.

05

Impact assessment

We test data access and analyse potential impact to understand the real business consequences of successful attacks.

06

Reporting

We deliver a report following CREST standards, highlighting actionable findings and providing clear remediation guidance.

Why Baltic Amadeus

Security & compliance.

Real-world attack simulation.

Support for NIS2, DORA & MiCA ICT requirements.

Certifications

OSCP

CEH

CREST

CISSP

FAQ

How much does penetration testing cost?

The cost of cyber security penetration testing varies depending on the scope, complexity, and type of systems tested. Factors include the size of your infrastructure, the depth of testing, and whether you require specialised ethical hacking services.

What is the difference between a penetration test and a vulnerability scan?

A vulnerability scan identifies potential weaknesses in systems automatically, while a penetration test involves ethical hacking services to actively exploit vulnerabilities and assess their real-world impact. Penetration testing provides a deeper, more practical insight into security risks.

How often should penetration testing be performed?

Penetration testing services should be performed at least once a year, or after significant changes to your systems, applications, or infrastructure. Regular cyber security penetration testing helps identify and address vulnerabilities before they can be exploited.

Penetration Testing Services

Gabrielius Vinciūnas

Vitalis Kavaliauskas

Our Penetration Testing Offers

Internal & external network

Wireless network

Web & mobile app testing

IoT devices

Hardware & device

Physical perimeter

Social engineering

Automotive testing

Threat-led penetration testing

SOC service provider effectiveness testing

Our Penetration Testing Process

Scoping & threat modelling

Intelligence gathering

Vulnerability analysis

04

Exploitation

05

Impact assessment

06

Reporting

Why Baltic Amadeus

Security & compliance.

Real-world attack simulation.

Support for NIS2, DORA & MiCA ICT requirements.

Certifications

FAQ

How much does penetration testing cost?

What is the difference between a penetration test and a vulnerability scan?

How often should penetration testing be performed?

Case Studies

Penetration testing

Penetration testing & cloud security assessment

Related Services

CISO as a Service

Security Assessment

Information Security Training

Let’s talk about your project

Starting something new or need support for an existing project? Reach out, and our experts will get back to you within one business day.

Start the conversation