The rapid integration of Information and Communication Technology (ICT) is transforming the traditional electrical grid into a {\em Smart Grid}. Smart grids enable two-way communication and improved monitoring and control between utilities and customers. However, due to its heterogeneous nature, public exposure, and weak security on low-powered devices, the Smart Grid is vulnerable to various malicious threats, adversaries, and cyber attacks, which may affect cost and service availability. Additionally, when the systems' confidentiality, integrity, or availability is compromised, the resulting fallout can threaten national security and have cascading effects on human lives. Given the extreme consequences of an attack, smart-grid technology must be thoroughly tested for correct operation and security {\em before} it is deployed. As a result, vulnerability testing of smart grids, not only for correctness but also for security, has been the subject of numerous studies by academics, government agencies, and private companies. This paper reviews the vulnerabilities associated with the smart grid and spotlights simulation as the vulnerability testing methodology used in recent pertinent research. It also presents various security aspects of the smart grid, including grid applications, system and network infrastructure and components, cyber threats and attacks, simulation, and different mitigation techniques. Finally, we analyze the gaps in current research, focusing on simulation. We briefly present a real-time simulation testbed that mimics customer behaviour and integrates hardware in the loop to apply attack methods and to analyze vulnerabilities and risk mitigation associated with the smart grid system, and we propose future work to improve the current framework.