Vulnerabilities and Exploits

Commerce & Business Administration
Computing Studies & Information Systems
Course Code: CSIS 4480
Semester Length: 15 Weeks
Max Class Size
Method Of Instruction
Course Designation
Industry Designation
Typically Offered
To be determined


Course Description
This course introduces students to the knowledge and skills needed to identify, acknowledge, assess, mitigate, and manage vulnerabilities that pose a threat to the organization’s network and data in general. Topics include various types of vulnerabilities – injection, broken authentication and session management, broken access control, cross-site scripting (XSS), security misconfiguration, sensitive data exposure, insufficient attack protection, cross-site request forgery (CSRF), using components with known vulnerabilities, and unprotected APIs, to name a few. Students will gain theoretical and hands-on experience in identifying and mitigating vulnerabilities, develop recovery policies and procedures to guide a safe return to a normal state, define accountability and responsibility, and work with security auditing processes to protect the data and network of the organization. This course is suitable for students who would like to gain overall knowledge of identifying and managing vulnerabilities and exploits associated with computer networks.
Course Content
  1. Cybersecurity threats and attack vectors
  2. Existing cybersecurity protocols
  3. Security Posture Analysis
  4. Vulnerability Assessment
  5. Cybersecurity controls
  6. Cybersecurity attacks detection
  7. Cybersecurity attacks prevention
  8. Tools and systems that are used to strengthen and improve cybersecurity
  9. Cybersecurity policy development


Methods Of Instruction

The methods of instruction for this course will include lectures, seminars, demonstrations, and hands-on assignments/projects.

Means of Assessment

Assessment will be in accordance with the Douglas College Evaluation Policy.

Assignments and labs

15% - 20% 


15% - 20% 

Midterm exam *

25% - 30% 

Final Exam *

25% - 30%



* Practical hands-on computer exam

In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).

Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.


Learning Outcomes

At the end of this course, the successful student will be able to:

  1. Identify the current vulnerabilities and threats in the cyberworld.
  2. Demonstrate knowledge of current exploits and their impact on the confidentiality, integrity, and availability of data.
  3. Conduct a security posture analysis that includes a vulnerability assessment of current systems or organizations.
  4. Apply the risk management framework in securing computer systems.
  5. Use the latest techniques and tools in securing computer systems.
  6. Design policies and standard operating procedures that will help prevent and/or mitigate vulnerabilities and exploits to the computer systems.
  7. Analyze ways to safely return to a normal state after an exploit.
  8. Define accountability and responsibility to protect the computer system.
Textbook Materials

The course will utilize various resources that discuss cybersecurity vulnerabilities, such as the Open Web Application Security Project (OWASP), Information Security Management Controls, Certified Ethical Hacking and other relevant sources. Materials may also include instructor-provided notes and resources and/or any textbook approved by the department.



Min grade C in any 2 of (CSIS 4440, 4450, 4470)


Courses listed here must be completed either prior to or simultaneously with this course:

  • No corequisite courses


Courses listed here are equivalent to this course and cannot be taken for further credit:

  • No equivalency courses

Course Transfers

These are for current course guidelines only. For a full list of archived courses please see

Institution Transfer Details for CSIS 4480
There are no applicable transfer credits for this course.

Course Offerings

Fall 2022