
Latest Module Specifications

Current Academic Year 2025 - 2026

Module Title Secure Programming
Module Code CSC1135 (ITS: CA647)
Faculty Computing School Engineering & Computing
NFQ level 9 Credit Rating 7.5
Description

The aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are explored first in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are then covered.

Learning Outcomes

1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. 1D646868-3B9A-0001-1C33-1E1015A05890
3. Apply models that implement confidentiality, integrity and hybrid security policies


Workload: Full time hours per semester

| Type | Hours | Description |
|---|---|---|
| Lecture | 36 | Online lecture |
| Tutorial | 12 | In class discussion |
| Laboratory | 24 | Computer lab exercises |
| Independent Study | 96 | Independent learning |
| Assignment Completion | 20 | Vulnerability detection and exploiting |
| Lecture | 36 | Online lecture |
| Tutorial | 12 | In class discussion |
| Laboratory | 24 | Computer lab exercises |
| Assignment Completion | 20 | Vulnerability detection and exploiting |
| Independent Study | 96 | Independent learning |

Total Workload: 376

Section Breakdown
CRN: 10622
Part of Term: Semester 1
Coursework: 0%
Examination Weight: 0%
Grade Scale: 40PASS
Pass Both Elements: Y
Resit Category: RC1
Best Mark: N
Module Co-ordinator: Darragh O'Brien
Module Teacher:

Assessment Breakdown
| Type | Description | % of total | Assessment Date |
|---|---|---|---|
| Project | Exploiting vulnerabilities project | 15% | Week 7 |
| Practical/skills evaluation | Lab exam | 15% | Week 10 |
| Formal Examination | End-of-Semester Final Examination | 70% | End-of-Semester |

Reassessment Requirement Type
Resit arrangements are explained by the following categories:
RC1: A resit is available for both* components of the module.
RC2: No resit is available for a 100% coursework module.
RC3: No resit is available for the coursework component where there is a coursework and summative examination element.

* ‘Both’ is used in the context of the module having a coursework/summative examination split; where the module is 100% coursework, there will also be a resit of the assessment

Pre-requisite None
Co-requisite None
Compatibles None
Incompatibles None

All module information is indicative and subject to change. For further information, students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities

The process address space
Linux process layout in memory. Static and dynamic linking. The stack.

Vulnerabilities
Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.

Exploits
How vulnerabilities are exploited. Shellcode generation.

Web security
Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.

Secure software development
Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria.

Indicative Reading List

Books:
  • Robert Seacord, Secure Coding in C and C++, 0321335724
  • Sverre Huseby, Innocent Code, 0470857447
  • Matt Bishop, Introduction to Computer Security, 0321247442
  • Michael Howard & David LeBlanc, Writing Secure Code, 0585486689
  • John Viega & Gary McGraw, Building Secure Software, 020172152
  • Ross Anderson, Security Engineering: A Guide To Building Secure Distributed Systems, 9780470068526


Articles:
None
Other Resources

None
