A Case Study of the Penetration Testing for National Grid

Project Scope

Executive Summary
Headquartered in London, National Grid is an international energy delivery business with principal activities in the regulated electricity and natural gas industries. National Grid lies at the heart of a transforming energy system, spanning the UK and the US. They are one of the ten largest investor-owned utilities in the world. National Grid is responsible for the supply of gas and electricity, safely, reliably and efficiently to millions of customers and communities. They drive change through engineering innovation and by incubating new ideas with the power to revolutionise their industry.

Methodologies Used

How Our Development Service Helps
RSK Business Solutions built the Competency Manager for National Grid Property Holdings (NGPH). Competency Manager is a self-certification system that allows contractors' and consultants' employees to demonstrate their competence for the role they are undertaking on remediation sites (NGPH, NGG and/or NGET). It also supports periodic auditing (verification) of the declarations to ensure compliance.

Technologies Used
OSSTMM, OWASP, Offensive Security, SANS. WebInspect, Burp Suite, Immunity Debugger, Metasploit, Nmap, Nikto, OpenVAS, slowhttptest, sqlmap, XSpider, w3af, Wfuzz, ZAProxy and many more.

Penetration Testing
To strengthen its defences against cyber-attacks, National Grid needed to identify all security weaknesses in the web applications it uses and to mitigate the risk of misuse of its network services. National Grid required a penetration testing company.

As a security consultant, RSK Business Solutions provided the experience and resources for a cyber security solution to:

  • Perform the evaluation of security risks for the business-critical web applications and network services.
  • Provide detailed recommendations on the improvement of information systems’ security level.

The Pentest as a Service approach provided by RSK Business Solutions was based on the OWASP security testing guidelines.

RSK Business Solutions provides penetration testing as a service and presented a holistic solution to National Grid, which included:

  • Analysis of the information from public resources.
  • Vulnerability Assessment: discovering all vulnerabilities in the target web and application servers with the use of known automated tools.
  • Black Box and White Box penetration testing.
  • Controlled hacking of the target systems by experts certified in information security, with the aim to confirm the identified vulnerabilities and discover the undetected ones.
  • An additional layer of security on the authentication mechanism using MFA.

Final Deliverable

  • Penetration testing services, test plans and approaches used.
  • Black Box and White Box penetration testing reports.
  • A detailed summary report outlining the list of vulnerabilities and configuration weaknesses, which could be exploited within available network access points.
  • Recommendations on countermeasures.
  • Complete holistic risk assessments and an outline of potential future plans to integrate with emerging technologies.

Andrew Kinsey

Sustainability Director | MACE

“The Sustainability and Environmental Risk Management System (SERMS) written by RSK Business Solutions Ltd was adopted and deployed by MACE and is now used on all UK construction projects. The system advises and guides our project managers through the complex legal compliance issues that come with large construction projects taken on by MACE. Recently, the system has been adapted for the global market and has been well received. RSK Business Solutions Ltd adopt a consultative approach which is backed by a fundamental understanding of construction and environmental domains which set them apart from other software suppliers.”

Ken Francis

Company Director | Glenfield Software

“Glenfield Software have called upon RSK Business Solutions Ltd (RSK BSL) to provide technical offshore resources to increase the capability of our development team within busy periods or for larger projects. RSK BSL have proved to be a flexible and reliable supplier of offshore development. Specifically, they successfully supported us in developing a native iOS mobile application for one of our high end retail clients. We would be happy to use RSK BSL in the future.”

Richard Robertson

Business Development Director | CADLine

“We have been working with the outsourcing team at RSK Business Solutions for over 5 years now. Their technical team continues to develop our .Net, GIS and Bing map development tasks. They have the right mix of technical and communication skills for the job. I would not hesitate in recommending them to anyone… a first class software outsourcing partner!”
