Secure Programming

Secure Programming is a Level 11 course given in Semester 2. See the DRPS Course Catalogue Entry for syllabus and assessment information.

Lectures are held

The course lecturer is David Aspinall. You can reach him at David.Aspinall@ed[...].

The course is aimed at MSc students and 4th/5th year undergraduates. It builds on a first course in Computer Security, such as our Computer Security course.

The course focuses on software security quite broadly, discussing attacks as well as defensive programming. A good programming and systems background will be necessary.

Lecture slides and other materials appear here as the course goes along. There is no fixed text book. Reading recommendations will be given in lectures and slides. See the links in the first lecture for some starting points.

Resources on Learn

All course content will be published on this web page.

On Learn you can access the lecture recordings.


You can ask questions and discuss the course on Piazza. Please do not disclose any coursework answer in any public questions.

Slides and reading

1. Introduction
2. Landscape
3. Memory Corruption
4. MC: Stacks & Heaps
5. MC: Countermeasures
6. CWEs, Injection
7. SQL Injection
8. Race Conditions
9. Development
10. Web I (authentication)
11. Web II (urls, xss, authr’n)
12. Web Apps III (leakage +)
13. Static Analysis
14. Static Analysis II
15. Information Leakage
16. Android Malware
17. Software Protection


There will be 5 lab sessions in the course, consisting of guided exercises with checkpoint questions. You are encouraged to take brief notes as answers to the checkpoints, which you may submit to us for additional feedback.

Labs will be held in AT 5.05 West Lab, on:

  • Tuesday 9am-11am in Week 3
  • Wednesdays 3pm-5pm in Weeks 5, 7, 9 and 10.

1. (29th Jan) Env & SUID (+overflows)
2. (13th Feb) Shellshock and Race conditions
3. (6th Mar) Injection
4. (20th Mar) Web attacks
5. (27th Mar) Android repackaging

The labs are an essential part of the delivery of the course and supported by hands-on demonstrators. If you have a lecture clash, you should come to as much of the lab as you can. You may undertake (or complete) labs in your own time but you will not have access to the lab demonstrators.


There is one assessed coursework for the course, split into two halves.

The combined deadline is 4pm 22nd Mar.


Some guidance about the examination is available here.
