College of the Rockies
College of the Rockies
Log in Sign up

Applied Offensive Cyber Security: Real-World Penetration Testing and Vulnerability Analysis

CIP Code - 43.0403
Open Closing on October 5, 2025
Main contact
York University
York University
Toronto, Ontario, Canada
Bip Thapa
Educator
(17)
5
Timeline
  • October 21, 2025
    Experience start
  • December 3, 2025
    Experience end
Experience
5 projects wanted
Dates set by experience
Preferred companies
Anywhere
Any company type
Any industries

Experience scope

Categories
Security (cybersecurity and IT security)
Skills
vulnerability assessments offensive security security risk cyber security ethical hacking ethical standards and conduct penetration testing common vulnerability scoring system (cvss) operating systems workflow management
Learner goals and capabilities

Students in this post-graduate certificate program are advanced students who have undergone intensive training in ethical hacking, vulnerability analysis, and offensive cybersecurity.


They are capable of:

  • Conducting professional-grade penetration testing and vulnerability assessments
  • Applying the seven phases of penetration testing to identify, document, and remediate real-world security threats
  • Analyzing Tactics, Techniques, and Procedures (TTPs) used by malicious actors
  • Installing, configuring, and using offensive security tools across web apps and OS environments
  • Creating detailed technical reports and security risk ratings with strategic recommendations
  • Working in teams to simulate real-world threat scenarios, leveraging professional tools and workflows


Learners

Learners
Post-graduate
Advanced levels
20 learners
Project
40-60 hours per learner
Educators assign learners to projects
Teams of 3
Expected outcomes and deliverables

Over the course of this capstone project, student teams will apply their offensive cybersecurity skills in a real-world or simulated setting. They will assess systems, identify vulnerabilities, and produce formal documentation and recommendations based on professional standards.


Deliverables include:

  • Penetration Testing Plan – detailing scope, methodology, and goals
  • Vulnerability Assessment – findings from testing including identified risks and impacted assets
  • Exploit Analysis – demonstration or documentation of successful exploit attempts (in sandbox)
  • Remediation Strategy – prioritized recommendations for fixing vulnerabilities
  • Risk Rating Report – formalized using an industry-standard scale (e.g., CVSS)
  • Capstone Presentation – walkthrough of findings and recommendations


Note: All assessments will respect legal, ethical, and institutional boundaries (no live production systems tested without written approval).

Project timeline
  • October 21, 2025
    Experience start
  • December 3, 2025
    Experience end

Project examples

Ideal project partners:

  • Have a secure test environment or are open to simulated/sandbox projects
  • Are curious about their security posture or want a second opinion
  • Can provide scope, access, or sample datasets for a realistic experience
  • Are open to giving feedback on final reports or presentations


Project examples

  • Performing a controlled penetration test on a test environment or sandbox application
  • Assessing a simulated corporate network or web application for known exploits
  • Creating a threat model and risk report for a cloud-based system
  • Testing access controls and permissions in a role-based access environment
  • Building a full vulnerability report for a startup, nonprofit, or SME sandbox system


Projects must be legal, ethically sound, and clearly scoped. Students can work with simulated data, staging environments, or predefined lab scenarios provided by the employer.

Additional company criteria

Companies must answer the following questions to submit a match request to this experience:

  • Q1 - Text short
    Do you have a secure test or sandbox environment students can work in?  *
  • Q2 - Text short
    What type of system or application would you like assessed?  *
  • Q3 - Text short
    What are your top concerns or goals for this security engagement (e.g., specific vulnerabilities, risk level)?  *
  • Q4 - Text short
    Are you interested in receiving a formal report with remediation recommendations?  *
  • Q5 - Text short
    Can someone from your team be available for occasional check-ins or feedback?  *