Aiming to enhance the protection of the online services against cyber-attacks, National Grid needed to identify all security weaknesses of the utilized web applications and mitigate the risk of misusing the network services.
As a security consultant, RSK Business Solution needed to:
- Perform the evaluation of security risks for the business-critical web applications and network services.
- Provide detailed recommendations on the improvement of information systems’ security level.
The security testing approach suggested by RSK Business Solution was based on the OWASP security testing guidelines.
RSK Business Solution presented a holistic solution to National Grid which included:
- Analysis of the information from public resources.
- Vulnerability Assessment: discovering all vulnerabilities in the target web and application servers with the use of known automated tools.
- Black Box and White Box penetration testing.
- Controlled hacking of the target systems by experts certified in information security, with the aim to confirm the identified vulnerabilities and discover the undetected ones.
- Securitised an additional layer of security on Authentication mechanism using MFA.