RSK Business Solutions
Anerley Court, Half Moon Lane, Hildenborough, Tonbridge
Phone: +44 (0) 1732 833111
Skip to main content
Let’s Connect

A Case Study of the Penetration Testing for National Grid

Project Scope

Penetration Testing For National Grid

Executive Summary
Headquartered in London, National Grid is an international energy delivery business with principal activities in the regulated electricity and natural gas industries. National Grid lies at the heart of a transforming energy system, spanning the UK and the US. They are one of the ten largest investor-owned utilities in the world. National Grid is responsible for the supply of gas and electricity, safely, reliably and efficiently to millions of customers and communities. They drive change through engineering innovation and by incubating new ideas with the power to revolutionise their industry.

Methodologies Used

How Our Development Service Helps

RSK Business Solutions built the Competency Manager for National Grid Property Holdings (NGPH). Competency Manager is a self-certification system which allows contractors’ and consultants’ employees to demonstrate their competence for their role they are undertaking on remediation sites (NGPH, NGG and/or NGET). In addition, it provides functionality for allowing periodic auditing (verification) of the declarations to ensure compliance.

Technologies Used

OSSTMM, OWASP, Offensive Security, SANS. Web Inspect, Burp Suite, Immunity Debugger, Metasploit, Nmap, Nikto, OpenVAS, slowhttptest, sqlmap, XSpider, w3af, Wfuzz, ZAProxy and many more.

Penetration Methodologies

Penetration Testing

Aiming to enhance their cyber security services against cyber-attacks, National Grid needed to identify all security weaknesses of their utilised web applications and mitigate the risk of misusing the network services. National Grid required a penetration testing company.

As a security consultant, RSK Business Solutions provided the experience and resources for a cyber security solution to:

  • Perform the evaluation of security risks for the business-critical web applications and network services.
  • Provide detailed recommendations on the improvement of information systems’ security level.

The Pentest as a Service approach provided by RSK Business Solutions was based on the OWASP security testing guidelines.

RSK Business Solution provide penetration testing as a service & presented a holistic solution to National Grid which included:

  • Analysis of the information from public resources
  • Vulnerability Assessment: discovering all vulnerabilities in the target web and application servers with the use of known automated tools.
  • Black Box and White Box penetration testing;
  • Controlled hacking of the target systems by experts certified in information security, with the aim to confirm the identified vulnerabilities and discover the undetected ones.
  • Secured an additional layer of security on Authentication mechanism using MFA.

Final Deliverable

Penetration testing services, test plans and approaches used;

  • Black Box and White Box penetration testing reports.
  • A detailed summary report outlining the list of vulnerabilities and configuration weaknesses, which could be exploited within available network access points.
  • Recommendations on countermeasures
  • Complete holistic risk assessments and an outline of potential future plans to integrate with emerging technologies.
Penetration Final Deliverables


We have been working with the outsourcing team at RSK Business Solutions for over 2 years now.  Their technical team continues to develop our .Net, Silverlight, GIS and Bing map development tasks. They have the right mix of technical and communication skills for the job. – I would not hesitate in recommending them to anyone…a first class software outsourcing partner!
Richard Robertson | CADLine | Business Development Director
RSK combined their technical knowledge of the risk process with their software development consultants to deliver an innovative platform that now allows us to mitigate the risks and manage our future investment programme across for our estate. I would definitely recommend RSK to other businesses – they thought out of the box on this one and have delivered an excellent solution for our individual business needs
Paola Franchi | Rontec | Business Excellence Strategist
Idhammer systems have been working with RSK Business Solutions Ltd for over three years to provide experienced technical resources on a number of our development projects. RSK BSL have become a valuable addition to our team and have proved themselves to be able to react quickly to requirements. They have provided resources with experience and competence in ASP.NET technology, iOS development and MS SQL
Clare Darlison | Idhammar | Managing Director, Technical
Glenfield Software have called upon RSK Business Solutions Ltd (RSK BSL) to provide technical offshore resources to increase the capability of our development team within busy periods or for larger projects. RSK BSL have proved to be a flexible and reliable supplier of offshore development. Specifically they successfully supported us develop a native iOS mobile application for one of our high end retail clients. We would be happy to use RSK BSL in the future
Ken Francis | Glenfield Software | Company Director
AM Rail Group has worked closely with RSK’s risk assessment team on the Doncaster Connectivity project. RSK Business Solutions Ltd proved that they were able to deliver and adapt quickly to changes in scope that are inevitable at GRIP 3 and 4 design stage. RSK Business Solutions Ltd SORAT and Level Crossing risk team continue to support AM Rail Group on a number of level crossing renewals and re-signalling schemes and we look forward to continuing and strengthening this partnership in the future
Miles Hancock | AM Rail | Managing Director
On a project the size of ours, there are a number of variables to consider and they have to be accounted for. RSK Business Solutions' timesheet allows us to break costs down so we can understand them. It is user-friendly and saves us an inordinate amount of time; it's an efficient way of working.
Trevor Jones | National Grid | Project Resources Manager
The online timesheet made understanding the spend and progress against the budget not only a simple process, but offered much needed project detail at the touch of a button. The timesheet was a very beneficial addition to the project and proved to be a very capable tool.
Darren Cottrell | Network Rail | Signalling Risk Control Co-ordinator
RSK delivered a bespoke solution for us within a very tight timescale and it was refreshing to partner with such a flexible and responsive software provider. The system is now integral to our every day operations and we look forward to continuing to work with RSK as our Apprenticeship Programme continues to grow.
Ann-Marie Hughes | Pearson in Practice | Finacne Buiness Partner
Colas recently worked with RSK Business Solutions Rail team to provide SORA support on the Thameslink London Bridge Stage works. Colas, as part of the Wessex Capacity Alliance, also contracted RSK Business Solutions Ltd to provide Operational Risk Assessment expertise to the Wessex Capacity Improvement Project – Waterloo Approaches. Their staff have always been professional and courteous and have been reactive to the pressures of delivering such large and high profile projects. We look forward to continuing this partnership on future projects
CJ Lansom | Colas Rail | Operations Manager (Signalling) - Rail Systems

DEG Signal have contracted RSK Business Solutions Ltd on many occasions in order to provide Operational Risk Assessments for our GRIP 3 and 4 signalling design projects. RSK Business Solutions risk team have proved to be experts in their field and make themselves available to give advice whenever it is requested of them. When working with RSK Business Solutions Ltd we can rest assured that the operational risk elements of our projects are covered so that we can concentrate on our core design and project management functions and deliver our projects to the satisfaction of our clients. We would look forward to continuing our collaboration with RSK Business Solutions Ltd on future projects.

Russell Gell FIRSE  | DEG Signal | Engineering Director

Mott MacDonald has contracted RSK Business Solutions Ltd for over 10 years to support us with operational risk assessment on many of our signalling projects. Their team of risk assessors have proved to be competent, approachable and have always worked with us to achieve some challenging deadlines.

David Teasdel | Mott MacDonald | Railway Signalling Consultant Engineer

Babcock International (then First Engineering Ltd) first worked with RSK Business Solutions Ltd in 2004 on the West Coast Modernisation Project Line Speed Enhancements. Since then they have provided operational risk assessment support on many infrastructure and signalling projects of varying sizes. The RSK Business Solutions Ltd team have always been attentive to our requirements and professional in their manner. They continue to be flexible and committed to meet the deadlines of our projects and as the technical experts we know that RSK Business Solutions Ltd can be relied upon to provide the right advice at the right time. I look forward to working with the team on future projects.

Brad Thompson | Babcock International Group | Signalling Design Consultant

The Sustainability and Environmental Risk Management System (SERMS) written by RSK Business Solutions Ltd was adopted and deployed by MACE and is now used on all UK construction projects. The system advises and guides our project managers through the complex legal compliance issues that come with large construction projects taken on by MACE. Recently, the system has been adapted for the global market and has been well received. RSK Business Solutions Ltd adopt a consultative approach which is backed by a fundamental understanding of construction and environmental domains which set them apart from other software suppliers

Andrew Kinsey | MACE Group | Sustainability Director

Let's talk about your project

  • RSK Buisness Solution Captcha

  • Management System Certification
  • Government Procurement Service
  • Cyber Essential
  • Investors in People
  • Links Up
This website uses cookies to ensure you get the best experience on our website. Learn More