Examination and Revision Guidance

This page contains some guidance for the Secure Programming examination.

Exam Format

The exam will follow the common format of "answer any 2 questions from the 3 questions given".

The idea of this format is to probe your understanding and your ability to apply concepts from the course in some depth, on a subset of the topics that were covered. Each question may cover one or two topics. This means that learning all of the material that was taught at a superficial level (just reading the slides), while good for retaining a broad overview, will not be sufficient for the exam. You will need to do additional reading and thinking to study the subject more deeply, as required by most courses.

Topic Areas

Here is a summary of the topic areas which were covered in the course in Semester 2, 2019/20.

Course Exercises and Reading

The course is supported by practical exercises (lab sessions) and the assessed coursework.

It would be unreasonable in the exam to ask you to craft sophisticated attacks (or defences) by hand, but the course is about programming, so you can certainly expect to see code samples in questions. These may include code in almost any language, including x86 assembler which is covered at the start of the course, and new or research languages (particularly concerning features they provide for secure programming). But only general understanding will be assumed; if unusual constructs are used or required to be understood precisely, they will be explained.

Alongside code-based questions there will be comprehension and analysis questions drawing on concepts in the course, using example real-world or simplified scenarios. To prepare for questions like these, reading the references given in lectures will be helpful. Lectures also introduce example attacks, some from the past and some more recent; following recent vulnerability reports and thinking about the detail behind media-reported hacks is an excellent way to improve your understanding of the area.

Past Papers and Solutions

The Secure Programming past papers are available from the University library.

There are no sample solutions for past exams in Secure Programming. If you are having trouble answering some of the past exam questions, please ask a question on the course forum (Piazza).

There is a sample question and solution, set in 2012, from the secure programming part of the Computer Security course, which you might find useful.

After taking Secure Programming, this question should be quite easy (you may find additional issues not covered in the sample solution).



Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh