What is included in a penetration testing report?

Our reports include a summary of identified vulnerabilities, their severity levels (using CVSS), proof-of-concept evidence, and prioritized remediation recommendations to help you strengthen your security posture.

Does Baltic Amadeus offer Automotive security testing?

Yes, we specialize in automotive testing, assessing vehicle systems to identify low-level security weaknesses and enhance overall hardware and software protection.

What is Threat-Led Penetration Testing?

Threat-Led Penetration Testing involves simulated, targeted attacks based on the actual tactics and techniques used by threat actors, specifically designed to evaluate your organization's resilience and response capabilities.

Penetration Testing Services

Our Penetration Testing Offers

Internal & external network

Assessment of your internal and external network security to identify weaknesses and improve overall protection.

Internal network testing.

VPN and remote access testing.

Deliverables:

Report highlighting confirmed internal and external vulnerabilities with prioritised remediation recommendations.

Request this service

Wireless network

Evaluation of your wireless network security to uncover vulnerabilities and ensure safe connectivity.

WiFi security testing.

Rogue AP detection.

WPA2/WPA3 assessment.

Deliverables:

Report detailing identified wireless vulnerabilities and recommended secure configurations.

Request this service

Web & mobile app testing

Assessment of web and mobile applications to identify security risks and strengthen app-layer protection.

OWASP Top 10 security risks.

Authentication and session security.

Authorisation and privilege escalation.

API security testing.

Deliverables:

Report validating app-layer vulnerabilities with recommendations for remediation and API hardening.

Request this service

IoT devices

Assessment of IoT devices to uncover security weaknesses and improve device protection.

Firmware analysis.

IoT interface and protocol testing.

Device authentication and access control review.

Deliverables:

Report identifying IoT-specific vulnerabilities with guidance on secure configuration and patching.

Request this service

Hardware & device

Assessment of hardware and devices to identify low-level security weaknesses and strengthen device protection.

Firmware reverse engineering.

Debug interface testing.

Device exploitation attempts.

Deliverables:

Report detailing discovered hardware-level vulnerabilities with recommendations for hardware security architecture.

Request this service

Physical perimeter

Assessment of physical security measures to identify vulnerabilities and enhance facility protection.

Unauthorised entry simulation.

Tailgating and badge cloning attempts.

Facility access control testing.

Deliverables:

Report highlighting identified physical security gaps with recommended measures to strengthen facility access.

Request this service

Social engineering

Assessment of human factors in security to identify risks and improve organisational awareness.

Phishing simulation campaigns.

Vishing.

Physical intrusion.

Smishing.

Deliverables:

Report providing employee awareness insights with recommendations for training and policy updates.

Request this service

Automotive testing

Assessment of automotive systems to identify vulnerabilities and enhance vehicle security.

CAN bus testing.

Telematics system security review.

Infotainment and firmware vulnerability testing.

Deliverables:

Report detailing confirmed automotive vulnerabilities with guidance for secure integration and hardening.

Request this service

Threat-led penetration testing

Simulated, targeted attacks to evaluate organisational resilience and improve threat response.

Red teaming.

Purple teaming.

Deliverables:

Regulatory-compliant TLPT report including DORA compliance findings.

Request this service

SOC service provider effectiveness testing

Controlled simulations and use-case validation to assess the SOC’s ability to detect, analyse, escalate, and respond to realistic threats.

Purple team exercises for SOC detection and response.

Validation of alerting, triage, escalation, and incident handling.

Testing SIEM, SOAR, and threat-detection use cases.

Deliverables:

Regulatory-aligned SOC effectiveness report highlighting detection gaps, response weaknesses, and operational resilience findings.

Request this service

AI & LLM penetration testing

Assessment of AI and Large Language Model applications to identify security risks and strengthen protection against model, data, and agent-based threats.

Large Language Model security testing.

AI application security assessment.

OWASP LLM Top 10 risk coverage.

Prompt injection and jailbreaking attempts.

AI agent and agent hijacking testing.

RAG security assessment.

Data poisoning risk review.

API security testing.

Deliverables:

Report outlining AI and LLM vulnerabilities with practical recommendations for remediation.

Request this service

Our Penetration Testing Process

Scoping & threat modelling

We define the scope, identify potential threats, and set a tailored cyber security penetration testing plan.

Intelligence gathering

We gather information about the target through reconnaissance and enumeration to identify potential vulnerabilities.

Vulnerability analysis

We identify vulnerabilities by analysing configuration weaknesses, validating exposures, and benchmarking against industry standards (NIST CSF 2.0, OWASP Top 10).