Customer success Story: Penetration testing, with focus on AWS cloud

Get clarity about the security level of your existing AWS cloud deployment

Financial Services & Insurances



BLOXXON is the leading digital assets servicer. Their mission is to create a contemporary and digital banking offering for German SMEs with our innovative approach.

With own licenses for crypto custody, investment brokerage and financial portfolio management, BLOXXON AG is a leading crypto-as-a-service partner for investment companies, asset managers and banks.

Platform security is crucial for BLOXXON’s value proposition. Choosing AWS as technological basis is wise, as they provide a portfolio of 45+ security
related services. Leveraging these bleeding edge tools enables BLOXXON to meet the requirements of the most sophisticated security standards; a big win for their clients.

BLOXXON has enlisted the support of Alice&Bob.Company to ensure that their platform does not contain any exploitable vulnerabilities or security-related configuration errors.


As BLOXXON plans to implement further components of their
platform in AWS, they needed an independent view on their already implemented environments. Therefore Alice&Bob.Company performed blackbox and greybox penetration tests for BLOXXON on parts of their already implemented environment.

Find compromisable vulnerabilities. While blackbox tests are meant to identify weaknesses without knowing anything about the environment, greybox tests use some partial technical information provided by the client e.g. login credentials or vague architecture plans.

As the clients platform is set up on AWS, one the one hand Alice&Bob.Company tried to locate and exploit typical standard issues, i.e. application and security misconfigurations. Those are relevant for traditional non-cloud IT infrastructures, too. On the other hand, as experienced AWS service provider, Alice&Bob.Company put an additional eye on typical AWS related security issues, i.e. EC2 misconfigurations, S3 bucket permissions and IAM-related privilege escalations.


We have validated the customer's demand for high security within two weeks!


BLOXXON received a prioritized list of all findings, including effort estimations and criticality.

The findings have been shown and explained in a results presentation meeting.  The very high level of the existing platform configuration was validated and confirmed by the penetration tests.

Mitigations and adjustments of findings in the existing cloud security configuration have been adjusted by BLOXXON in close collaboration with Alice&Bob.Company.

Alice&Bob.Company's penetration tests confirmed our claim of implementing a very high level of security in our platform. Having this external validation is essential for proceeding with further cloud implementations. Based on our business requirements, A&B supported us with their expertise in an straightforward, very professional and fast way. We are looking forward to a long-term, fair partnership.


Get a detailed overview of your cloud architecture, with identified vulnerabilities and misconfigurations. You will also receive defined clear steps to fix and improve you overall security posture.

A&B security specialist takes over the role of an attacker (ethical hacker) to compromise customers infrastructure and/or application and provides resolution and mitigation measures.