A Case Study of the Penetration Testing for National Grid

A Case Study of the Penetration Testing for National Grid A Case Study of the Penetration Testing for National Grid

Project Scope

Executive Summary
Headquartered in London, National Grid is an international energy delivery business with principal activities in the regulated electricity and natural gas industries. National Grid lies at the heart of a transforming energy system, spanning the UK and the US. They are one of the ten largest investor-owned utilities in the world. National Grid is responsible for the supply of gas and electricity, safely, reliably and efficiently to millions of customers and communities. They drive change through engineering innovation and by incubating new ideas with the power to revolutionise their industry.

Penetration Testing
Logo
Logo
Logo
Logo
Logo
Logo
Logo

Methodologies Used

How Our Development Service Helps
RSK Business Solutions built the Competency Manager for National Grid Property Holdings (NGPH). Competency Manager is a self-certification system which allows contractors’ and consultants’ employees to demonstrate their competence for their role they are undertaking on remediation sites (NGPH, NGG and/or NGET). In addition, it provides functionality for allowing periodic auditing (verification) of the declarations to ensure compliance.

Technologies Used
OSSTMM, OWASP, Offensive Security, SANS. Web Inspect, Burp Suite, Immunity Debugger, Metasploit, Nmap, Nikto, OpenVAS, slowhttptest, sqlmap, XSpider, w3af, Wfuzz, ZAProxy and many more.

Penetration Testing
Aiming to enhance their cyber security services against cyber-attacks, National Grid needed to identify all security weaknesses of their utilised web applications and mitigate the risk of misusing the network services. National Grid required a penetration testing company.

As a security consultant, RSK Business Solutions provided the experience and resources for a cyber security solution to:

  • Perform the evaluation of security risks for the business-critical web applications and network services.
  • Provide detailed recommendations on the improvement of information systems’ security level.

The Pentest as a Service approach provided by RSK Business Solutions was based on the OWASP security testing guidelines.

RSK Business Solution provides penetration testing as a service & presented a holistic solution to National Grid which included:

  • Analysis of the information from public resources
  • Vulnerability Assessment: discovering all vulnerabilities in the target web and application servers with the use of known automated tools.
  • Black Box and White Box penetration testing;
  • Controlled hacking of the target systems by experts certified in information security, with the aim to confirm the identified vulnerabilities and discover the undetected ones.
  • Secured an additional layer of security on the Authentication mechanism using MFA.

Final Deliverable

Penetration testing services, test plans and approaches used;
  • Black Box and White Box penetration testing reports.
  • A detailed summary report outlining the list of vulnerabilities and configuration weaknesses, which could be exploited within available network access points.
  • Recommendations on countermeasures
  • Complete holistic risk assessments and an outline of potential future plans to integrate with emerging technologies.

Quote

‘MACE have been using the RSK legal support service at a corporate and site level since early 2012 and find their service comprehensive and invaluable for our business needs. RSK help to translate complex legislation into sector specific and easy to understand guidance for our teams.’

Andrew Kinsey, Head of Sustainability, Construction – MACE Ltd

Quote

‘MACE commissioned RSK to develop and implement of our NAVIGATE system, a comprehensive environmental risk and compliance solution used on all our UK projects. This web-based system guides our teams through environmental aspects and impacts identification specific to design, construction and completion of construction and infrastructure projects, with linked legislative compliance support.’

Andrew Kinsey, Head of Sustainability, Construction – MACE Ltd

City
India

Plot No.14, 5th Floor, Sector-18,
Gurugram- 122015 Haryana, India.
Contact: +91 (0) 124 4201376

Headquarter

Anerley Court, Half Moon Lane,
Hildenborough, Kent, TN11 9HU, UK.
Contact: +44(0) 1732 833111

UAE

Concord Tower, 6th Floor,
Dubai Media City, 126732, Dubai, UAE.
Contact: +971 (0)4 454 9844

USA

580 Fifth Avenue, Suite 820.
New York, NY 10036,
USA.

Contact Us

Hey! Get In touch

Sign up for sending on information, updates, and promotions. RSK-BSL will follow up with you as soon as possible.

COOKIE INFORMATION

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking accept all you consent to the use of ALL cookies. However, you may wish to visit cookie preferences to provide a controlled consent. Read our cookie policy.