Vulnerabilities and Exploits

Curriculum guideline

Effective Date:
Course
Discontinued
No
Course code
CSIS 4480
Descriptive
Vulnerabilities and Exploits
Department
Computing Studies & Information Systems
Faculty
Commerce & Business Administration
Credits
3.00
Start date
End term
Not Specified
PLAR
No
Semester length
15 Weeks
Max class size
35
Course designation
None
Industry designation
CCSP,CEH,CFCE,CHFI,CISA,CISM,CISSP,CRISC,GCFA,GCFE,GSEC,OSCP
Contact hours

Lecture: 2 hours/week
Seminar: 2 hours/week

Method(s) of instruction
Lecture
Seminar
Learning activities

The methods of instruction for this course will include lectures, seminars, demonstrations, and hands-on assignments/projects.

Course description
This course introduces students to the knowledge and skills on identifying, acknowledging, assessing, mitigating, and managing various vulnerabilities that pose a threat to the organization’s network and data in general. Topics include various types of vulnerabilities – injection, broken authentication and session management, broken access control, cross-site scripting (XSS), security misconfiguration, sensitive data exposure, insufficient attack, site request forgery (CSRF), using components with known vulnerabilities, and unprotected APIs, to name a few. Students will gain theoretical and hands-on experience in identifying and mitigating vulnerabilities, develop recovery policies and procedures to guide safe return to normal state, define accountability and responsibility, and work with security auditing processes to protect the data and network of the organization. This course is suitable for students who would like to gain overall knowledge on identifying and managing vulnerabilities and exploits associated with computer networks.
Course content
  1. Cybersecurity threats and attack vectors
  2. Existing cybersecurity security protocols
  3. Security Posture Analysis
  4. Vulnerability Assessment
  5. Cybersecurity controls
  6. Cybersecurity attacks detection
  7. Cybersecurity attacks prevention
  8. Tools and systems that are used to strengthen and improve cybersecurity
  9. Cybersecurity policy development

 

Learning outcomes

At the end of this course, the successful student will be able to:

  1. Identify the current vulnerabilities and threats in the cyberworld.
  2. Demonstrate the knowledge on the current exploits and their impact to confidentiality, integrity, and availability of data.
  3. Conduct a security posture analysis that includes a vulnerability assessment of current systems or organizations.
  4. Apply the risk management framework in securing computer systems.
  5. Use latest techniques and tools in securing computer systems.
  6. Design policies and standard operating procedures that will help prevent and/or mitigate vulnerabilities and exploits to the computer systems.
  7. Analyze ways to safely return to a normal state after an exploit.
  8. Define accountability and responsibility to protect the computer system.
Means of assessment

Assesment will be in accordance with the Douglas College Evaluation Policy.

Assignments and labs

15% - 20% 

Quizzes

15% - 20% 

Midterm exam *

25% - 30% 

Final Exam *

25% - 30%

Total 

100% 

* Practical hands-on computer exam

In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).

Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.

 

Textbook materials

The course will utilize various resources that discusses cybersecurity vulnerabilities such as the Open Web Application Security Project (OWASP), Information Security Management Controls, Certified Ethical Hacking and other relevant sources. Materials may also include instructor provided notes and resources and/or any textbook approved by the department.

Prerequisites

Min grade C in any 2 of (CSIS 4440, 4450, 4470)

Corequisites

Courses listed here must be completed either prior to or simultaneously with this course:

  • No corequisite courses
Equivalencies

Courses listed here are equivalent to this course and cannot be taken for further credit:

  • No equivalency courses