Penetration Tester for Teleoperation Software

We are looking for a penetration test and report.

About us: Adamo provides teleoperation software to robotics companies, allowing operators to remotely control robots. We are seeking a penetration test of our web application, with a report delivered as soon as possible.

Application purpose: Browser-based platform for operators to remotely control robots, plus organisation/account management.

Scope:

Pages: 5 pages in a logged-in state.

User types: Operator, Admin, Owner, Developer. Admin, Owner and Developer accounts currently share the same permission set; Operator is restricted (e.g. cannot invite additional users). All roles in scope.

Authentication: Frontend uses OAuth via Google Login; API access via API key. Both in scope, including testing for authentication and authorization weaknesses (broken access control, privilege escalation, endpoint authorization).

API: No formally documented API, but endpoints are exercised by the application and via API key. We can provide engineering support to map endpoints.

Database: PostgreSQL.

Real-time streaming: Our routers handle robot control streams; we want authentication enforcement on these streams validated as part of testing.

Live robot: We will have a robot running in our office for the engagement and can schedule a specific window for testing the live-control functionality.

Access we will provide: Sign-up link, an invitation to the Adamo organisation (with a live robot), and test logins covering the relevant roles.

What we need from you:

A fixed quote and estimated turnaround for the report.

Confirmation of retest policy (we'd like remediation retesting included, ideally on a rolling basis).

Earliest available start date — turnaround on the report is our priority.

A sample/redacted report so we can assess deliverable quality.