Page Navigation

Module Descriptors

This page displays the selected Module Descriptor.

Printer friendly version Printer friendly version

Session: 2022/23

Last modified: 21/07/2022 16:25:53

Title of Module: Secure Programming

Code: COMP10068 SCQF Level: 10
(Scottish Credit and Qualifications Framework)
Credit Points: 20 ECTS: 10
(European Credit Transfer Scheme)
School:School of Computing, Engineering and Physical Sciences
Module Co-ordinator:Paul  Keir

Summary of Module

Security in software begins with an initial design and engineering effort, conscious of classic and contemporary security vulnerabilities; as well as corresponding remedial actions and protocols. In this hands-on module we will first explore the nature of secure programming before introducing a taxonomy of established coding errors, as well as information sources such as the MITRE reference system for Common Vulnerabilities and Exposures (CVE). Conventional programming languages including assembly language, C, C++ and Java, along with related compiler tools, form a foundation for the module, while the benefits of contemporary languages such as Mozilla's Rust and Apple's Swift are also thoroughly analysed. The relevance of strong, static typing; functional programming; advanced type systems; and theorem provers for secure software development will also be introduced.

This module will work to develop a number of the key 'I am UWS' Graduate Attributes to make those who complete this module: Universal (Analytical, Critical Thinker & Socially Responsible), Work Ready (Digitally Literate, Problem-Solver & Ambitious), and Successful (Incisive, Creative & Autonomous).

Module Delivery Method
Face-To-FaceBlendedFully OnlineHybridCHybridOWork-based Learning
check mark

Term used to describe the traditional classroom environment where the students and the lecturer meet synchronously in the same room for the whole provision.

A mode of delivery of a module or a programme that involves online and face-to-face delivery of learning, teaching and assessment activities, student support and feedback. A programme may be considered “blended” if it includes a combination of face-to-face, online and blended modules. If an online programme has any compulsory face-to-face and campus elements it must be described as blended with clearly articulated delivery information to manage student expectations

Fully Online
Instruction that is solely delivered by web-based or internet-based technologies. This term is used to describe the previously used terms distance learning and e learning.

Online with mandatory face-to-face learning on Campus

Online with optional face-to-face learning on Campus

Work-based Learning
Learning activities where the main location for the learning experience is in the workplace.

Campus(es) for Module Delivery
The module will normally be offered on the following campuses / or by Distance/Online Learning: (Provided viable student numbers permit)
Paisley:Ayr:Dumfries:Lanarkshire:London:Distance/Online Learning:Other:




check mark




Term(s) for Module Delivery
(Provided viable student numbers permit).
Term 1


Term 2


Term 3


[Top of Page]

Learning Outcomes: (maximum of 5 statements)

On successful completion of this module the student will be able to:

L1. Demonstrate knowledge that covers and integrates most of the principal areas, features, boundaries, terminology and conventions of cyber security and secure programming.

L2. Critically identify, define, conceptualise and analyse both public and private programmatic security hazards.

L3. Use a range of tools and formal methods to audit and support the development of secure software.

L4. Apply knowledge, skills and understanding of the security features offered by a range of programming languages and libraries.

Employability Skills and Personal Development Planning (PDP) Skills
SCQF Headings During completion of this module, there will be an opportunity to achieve core skills in:
Knowledge and Understanding (K and U) SCQF Level 10.

Recognise CVE ID numbers, and prepare a response appropriate to the associated threat level.
Comprehend the relationship between a programming language and the underlying computer hardware; the abstract machine.

Practice: Applied Knowledge and Understanding SCQF Level 10.

Apply standard secure coding guidelines to avoid common security loopholes.
Demonstrate the utility of tools such as compilers; debuggers; profilers; model checkers; and virtual machines for secure programming.

Generic Cognitive skills SCQF Level 10.

Understand the advantages and limitations of programming within an advanced type system.
Appreciate the feature set of libraries for authentication and encryption.

Communication, ICT and Numeracy Skills SCQF Level 10.

Apply secure software development principles to a range of application domains.

Pre-requisites: Before undertaking this module the student should have undertaken the following:
Module Code:
Module Title:
Co-requisitesModule Code:
Module Title:

* Indicates that module descriptor is not published.

[Top of Page]

Learning and Teaching
Students will attend weekly lectures and supervised laboratory sessions.

Lectures will introduce the core concepts of secure development, starting by recognising and repairing insecure systems; as well as developing secure
systems. After a thorough development of secure programming in low-level and conventional programming languages, lecture topics will also introduce formal methods and advanced type systems. Each session will aim to provide one guest lecture, to provide an expert or established professional's insight into a specialist secure development methodology or technology.

Techniques described by the lectures will then be explored more deeply within the laboratory sessions where the student will be provided with access to
virtual machines, tools, and appropriate development environments. These are often accompanied by initial code samples, or binary files, which should be analysed, repaired, or developed according to the assigned tasks.
Learning Activities
During completion of this module, the learning activities undertaken to achieve the module learning outcomes are stated below:
Student Learning Hours
(Normally totalling 200 hours):
(Note: Learning hours include both contact hours and hours spent on other learning activities)
Lecture/Core Content Delivery24
Tutorial/Synchronous Support Activity12
Laboratory/Practical Demonstration/Workshop12
Independent Study152
200 Hours Total

**Indicative Resources: (eg. Core text, journals, internet access)

The following materials form essential underpinning for the module content and ultimately for the learning outcomes:

Robert C. Seacord. Secure Coding in C and C++, Second Edition, Addison Wesley, 2013

The Rust Programming Language by Steve Klabnik and Carol Nichols

Jim Blandy and Jason Orendorff. Programming Rust: Fast, Safe Systems Development, O'Reilly Media, 2017

Secure Programming HOWTO - Creating Secure Software by David Wheeler

John Viega and Matt Messier. Secure Programming Cookbook for C and C++, O'Reilly Media, 2003

Brian Chess and Jacob West. Secure Programming with Static Analysis, Addison-Wesley Professional, 2007

SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition) available online at

The module coordinator will require virtual machine authoring tools, and ITDS assistance to access licensed operating systems materials.

(**N.B. Although reading lists should include current publications, students are advised (particularly for material marked with an asterisk*) to wait until the start of session for confirmation of the most up-to-date material)

Engagement Requirements

In line with the Academic Engagement Procedure, Students are defined as academically engaged if they are regularly engaged with timetabled teaching sessions, course-related learning resources including those in the Library and on the relevant learning platform, and complete assessments and submit these on time. Please refer to the Academic Engagement Procedure at the following link: Academic engagement procedure

[Top of Page]

Supplemental Information

Programme BoardComputing
Assessment Results (Pass/Fail) No
Subject PanelBusiness & Applied Computing
ModeratorGraham Parsonage
External ExaminerD Doolan
Accreditation Details
Version Number


[Top of Page]

Assessment: (also refer to Assessment Outcomes Grids below)
One coursework assignment worth 30% of the overall mark.
One coursework assignment worth 40% of the overall mark.
One class test worth 30% of the overall mark.
(N.B. (i) Assessment Outcomes Grids for the module (one for each component) can be found below which clearly demonstrate how the learning outcomes of the module will be assessed.
(ii) An indicative schedule listing approximate times within the academic calendar when assessment is likely to feature will be provided within the Student Handbook.)

Assessment Outcome Grids (Footnote A.)

Component 1
Assessment Type (Footnote B.) Learning Outcome (1) Learning Outcome (2) Learning Outcome (3) Learning Outcome (4) Weighting (%) of Assessment ElementTimetabled Contact Hours
Laboratory/ Clinical/ Field notebook check markcheck markcheck mark300

Component 2
Assessment Type (Footnote B.) Learning Outcome (1) Learning Outcome (2) Learning Outcome (3) Learning Outcome (4) Weighting (%) of Assessment ElementTimetabled Contact Hours
Laboratory/ Clinical/ Field notebook check markcheck markcheck mark400

Component 3
Assessment Type (Footnote B.) Learning Outcome (1) Learning Outcome (2) Learning Outcome (3) Learning Outcome (4) Weighting (%) of Assessment ElementTimetabled Contact Hours
Class test (practical)check mark  check mark300
Combined Total For All Components100% 0 hours

A. Referred to within Assessment Section above
B. Identified in the Learning Outcome Section above

[Top of Page]

  1. More than one assessment method can be used to assess individual learning outcomes.
  2. Schools are responsible for determining student contact hours. Please refer to University Policy on contact hours (extract contained within section 10 of the Module Descriptor guidance note).
    This will normally be variable across Schools, dependent on Programmes &/or Professional requirements.

Equality and Diversity

UWS Equality and Diversity Policy
(N.B. Every effort will be made by the University to accommodate any equality and diversity issues brought to the attention of the School)

2014 University of the West of Scotland

University of the West of Scotland is a Registered Scottish Charity.

Charity number SC002520.