CSC2031 : Security Programming
- Offered for Year: 2026/27
- Module Leader(s): Dr John Mace
- Teaching Assistant: Mr Behrad Samari
- Other Staff: Mr Muhammad Khalid
- Owning School: Computing
- Teaching Location: City Campus
Semesters
Your programme is made up of credits; the total differs from programme to programme.
| Semester 1 Credit Value: | 20 |
| ECTS Credits: | 10.0 |
| European Credit Transfer System | |
Pre-requisite
Modules you must have done previously to study this module
Pre Requisite Comment
N/A
Co-Requisite
Modules you need to take at the same time
Co Requisite Comment
N/A
Aims
All computer science graduates should have a fundamental understanding of security when designing and implementing modern-day software applications. This module explores key security challenges faced by these applications and the security techniques commonly used to manage them. Students will gain first-hand experience in employing secure software practices and implementing security mechanisms to help address those challenges, including the critical evaluation of code produced using modern development tools such as generative AI.
Outline Of Syllabus
• Security Foundations and Secure Programming
• Flask Web Application Development
• Web Application Security Principles
• User Registration, Authentication, and Authorisation
• Input Validation, Injection Attacks, and XSS
• Session Management and CSRF Protection
• Error Handling, Logging, and Secure Management
• Threat Modelling and Secure Design
• Secure Development Workflows, including AI-assisted code review and AI-related software security risks
Learning Outcomes
Intended Knowledge Outcomes
To be able to:
• Understand the fundamental principles of security.
• Understand the key security challenges faced by software applications.
• Reason about appropriate security techniques used to manage those security challenges.
• Select suitable programming practices when implementing security mechanisms.
Intended Skill Outcomes
To be able to:
• Implement solutions to key security issues using appropriate programming practices, including critically evaluating and correcting flaws in AI-assisted or AI-generated code.
• Read and understand code written using different programming languages.
• Expand and extend existing software applications.
• Understand and problem solve programming errors.
Teaching Methods
Teaching Activities
| Category | Activity | Number | Length | Student Hours | Comment |
|---|---|---|---|---|---|
| Structured Guided Learning | Lecture materials | 11 | 2:00 | 22:00 | Guided review of lecture materials, readings, and recorded content. |
| Guided Independent Study | Assessment preparation and completion | 88 | 1:00 | 88:00 | Preparation and completion of summative coursework and revision of core secure programming principles, including individual consolidation of learning outcomes. |
| Scheduled Learning And Teaching Activities | Lecture | 22 | 1:00 | 22:00 | In person lectures introducing core secure programming concepts and principles. |
| Guided Independent Study | Assessment preparation and completion | 6 | 0:30 | 3:00 | Preparation for formative quizzes and review of core security concepts. |
| Scheduled Learning And Teaching Activities | Practical | 12 | 2:00 | 24:00 | Supervised practical sessions focused on hands on implementation and analysis of secure web applications. |
| Structured Guided Learning | Structured non-synchronous discussion | 12 | 1:00 | 12:00 | Online discussion and Q&A supporting lecture materials and secure programming problem solving. |
| Guided Independent Study | Independent study | 29 | 1:00 | 29:00 | Independent reading and consolidation of secure programming concepts. |
| Total | | | | 200:00 | |
Teaching Rationale And Relationship
Lectures present the fundamental theoretical material underpinning secure software development, supporting the intended knowledge outcomes. Substantial practical sessions enable students to develop the intended skills outcomes through hands-on implementation of secure programming techniques within realistic software scenarios. The combination of teaching activities ensures that both conceptual understanding and applied secure programming skills are developed and can be reliably demonstrated.
Reading Lists
Assessment Methods
The format of resits will be determined by the Board of Examiners
Exams
| Description | Length | Semester | When Set | Percentage | Comment |
|---|---|---|---|---|---|
| Digital Examination | 90 | 1 | M | 40 | Controlled digital examination assessing understanding of core security principles, secure programming concepts, and reasoning about software vulnerabilities. |
Other Assessment
| Description | Semester | When Set | Percentage | Comment |
|---|---|---|---|---|
| Case study | 1 | M | 60 | Programming based coursework requiring students to design, implement, analyse, and improve secure software solutions within a realistic application context. |
Formative Assessments
Formative Assessment is an assessment which develops your skills in being assessed, allows for you to receive feedback, and prepares you for being assessed. However, it does not count to your final mark.
| Description | Semester | When Set | Comment |
|---|---|---|---|
| Computer assessment | 1 | M | Online formative quiz assessing understanding of foundational security concepts and secure programming principles. Provides feedback to support learning and exam preparation. |
Assessment Rationale And Relationship
The summative assessment combines coursework (60%) and a controlled digital examination (40%) to assess both applied secure programming skills and individual understanding of core security principles, while maintaining academic integrity in a context where generative AI tools are widely available.
The case study coursework assesses students’ ability to design, implement, analyse, and improve secure software solutions within a realistic application context. It primarily supports the intended skills outcomes by requiring appropriate programming practices, code reading and reasoning, and the identification and resolution of security issues. Students are expected to critically evaluate any AI-assisted or AI-generated code and remain responsible for the security of their submissions.
The digital exam assesses foundational security concepts and reasoning about secure programming decisions. It supports the intended knowledge outcomes and provides individual verification of learning, ensuring that achievement of the learning outcomes is reliably evidenced even where coursework development may have been assisted by modern tools.
Together, these components provide a balanced and reliable measurement of the learning outcomes, strengthening assessment integrity and AI resilience without altering delivery hours or module scope.
General Notes
N/A
Disclaimer
The information contained within the Module Catalogue relates to the 2026 academic year.
In accordance with University Terms and Conditions, the University makes all reasonable efforts to deliver the modules as described.
Modules may be amended on an annual basis to take account of changing staff expertise, developments in the discipline, the requirements of external bodies and partners, staffing changes, and student feedback. Module information for the 2027/28 entry will be published here in early-April 2027. Queries about information in the Module Catalogue should in the first instance be addressed to your School Office.