Secure Programming

Secure Programming is a Level 11 course given in Semester 2. See the Course Catalogue Entry for syllabus and assessment information.

Lectures are on Tuesdays and Fridays at 1.10pm in David Hume Tower Lecture Hall B.

  • Final lecture on 24th Mar

The course lecturer is David Aspinall. You can reach him at David.Aspinall@ed[...].

The course is aimed at 4th/5th year undergraduates and MSc students. It is designed to build on previous knowledge in Computer Security, such as our Computer Security course.

Despite the title, the course focuses on software security quite broadly, discussing attacks as well as defensive programming.

This course is appropriate if you did well and enjoyed the programming parts of our Computer Security course (or an equivalent course elsewhere). A good programming and systems background will be an advantage.

Lecture slides and other materials appear here as the course goes along. There is no fixed text book. Reading recommendations will be given in lectures and slides. See the links in the first lecture for some starting points.

10K students


We are trying out Piazza for class questions and discussion. If you want to take part, sign up here. All materials will be delivered on this web page.

Slides and reading

1.   Introduction              view     print    more
2.   Landscape     view     print    more
3.   Corruption I (intro)     view     print    more
4.   Corruption II (stacks)     view     print    more
5.   Corruption III (heaps)     view     print    more
6.   Corruption IV (defences)     view     print    more
7.   Injection I     view     print    more
8.   Injection II (SQL)     view     print    more
9.   Development     view     print    more
10.   Web (http, authent'n)     view     print    more
11.   Web II (urls,xss,authr'n)     view     print    more
12.   Web Apps III (leakage, csrf, etc)     view     print    more
13.   Static Analysis     view     print    more
14.   Static Analysis II     view     print    more
15.   Information Leakage     view     print    more
16.   Race Conditions     view     print    more


There will 3 lab sessions in the course, consisting of guided exercises with checkpoint questions. You are encouraged to take brief notes as answers to checkpoints which you may submit to us for additional feedback.

1. (7th Feb)   Data Corruption    
2. (28th Feb)    Injection   
3. (14th Mar)       Secure App Programming   

The labs are an essential part of the delivery of the course. If you have a lecture clash, you should come to as much of the lab as you can.

Lab checkpoint notes will be accepted until 4pm on the following Monday after the lab, feedback will be available at the next lab and solutions will be posted online and discussed briefly.
If you are working after the labs, you may ask questions to the course team on Piazza.


Here is the coursework (pdf), issued 17th February. The deadline was 22nd March, 4pm.


Some guidance about the examination is available here.

Home : Teaching : Courses 

Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB, Scotland, UK
Tel: +44 131 651 5661, Fax: +44 131 651 1426, E-mail:
Please contact our webadmin with any comments or corrections. Logging and Cookies
Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh