ISOL 534 Application Security Spring 2022 Residency Group Project

This residency project gives you the opportunity to review what you’ve learned so far this semester and present a range of topics in the form of a security vulnerability assessment report delivered to management. Your group will use an online lab environment for which your professor will provide access to carry out tasks for the assessment. You will launch the lab environment for Lab 2, Performing a Vulnerability Assessment. You will plan and document a system-wide vulnerability assessment, carry out the assessment, analyze the results from multiple sources, and prepare a report suitable for executive leadership and technical management, with sufficient technical details to drive remediation actions.

Part 1 (Vulnerability Assessment Report)

The management of your organization, Always Fresh, has determined that sufficient software application risk exists to warrant a formal assessment to map the current attack surface. Your group, the security assurance and compliance group, has been assigned the task of carrying out a vulnerability assessment that will result in actionable tasks to reduce application security risk.

Your team will first produce a plan for the assessment project for approval. The plan will include proposed assessment steps, role and responsibility assignments, and goals for the project. The team will then carry out the plan, collect and assess results, and build a report that provides leadership and management with a high-level picture of application security issues and remediation actions, and provides technical personnel with sufficient detail to implement remediation steps.

The body of each group’s paper should be no less than 1500 words.

The document your group submits must be in Microsoft Word format (.doc or .docx) and be named using the following criteria:

ISOL534_SECTION_GROUPNUMBER_Project.docx

• SECTION is the section number of your current course (1 letter and 2 digits)

As stated earlier, use the online lab environment using access codes provided by your professor for Lab 2 – Performing a Vulnerability Assessment to carry out all assessment scans and activities. Manage your group’s time wisely. Agree on roles and responsibilities for each group member and delegate work among group members.

Each group will do the following to carry out a comprehensive vulnerability assessment:

• Use nmap to enumerate the entire lab subnetwork (See lab Introduction for a network diagram)
  o Use nmap options to search for open ports and carry out OS fingerprinting
• Describe the lab subnetwork in your report
• Carry out vulnerability assessments for your ENTIRE lab subnetwork
  o Use Nessus AND OpenVAS to scan all nodes in the lab subnetwork
• Document assessment tasks carried out and results (combine results from all tools – nmap, OpenVAS, and Nessus)

Each group’s paper must include the following:

• Description of the project, justification, and scope
• Description of the environment your group will assess
• A plan of how the assessment will be carried out and what happens with the results your group gets from tools
• Audience-specific sections (executive summary, technical summary for management, and full technical results for technical personnel)
• Assessment of discovered risk, ranked by importance, along with recommended mitigations for each risk
• Cite at least 5 external, peer-reviewed scholarly resources to support your specification. (NOTE: patents are NOT peer-reviewed.)

Your paper must be in APA format, including citations and references, but I’m not particularly concerned with the specific format you select for the paper’s body.

Part 2 (Assessment Results Presentation)

Each group will create and deliver a presentation of their report and findings to the class. Each group member must participate in the presentation. The presentation must sufficiently cover the contents of the paper and be targeted at management. Your presentation must include coverage of the most important vulnerabilities and recommended mitigations. Further specifications on length and coverage requirements will be provided on the first residency class meeting.

At the end of the residency weekend, each group will submit their report (Microsoft Word format) and the slides used in their presentation (Microsoft PowerPoint format).

