CSC2031 : Security Programming
- Offered for Year: 2026/27
- Module Leader(s): Dr John Mace
- Teaching Assistant: Mr Behrad Samari
- Other Staff: Mr Muhammad Khalid
- Owning School: Computing
- Teaching Location: Newcastle City Campus
Semesters
Your programme is made up of credits; the total differs from programme to programme.
| Semester 1 Credit Value: | 20 |
| ECTS Credits: | 10.0 |
| European Credit Transfer System | |
Aims
All computer science graduates should have a fundamental understanding of security when designing and implementing modern-day software applications. This module explores key security challenges faced by these applications and the security techniques commonly used to manage them. Students will gain first-hand experience in employing secure software practices and implementing security mechanisms to help address those challenges, including the critical evaluation of code produced using modern development tools such as generative AI.
Outline Of Syllabus
• Security Foundations and Secure Programming
• Flask Web Application Development
• Web Application Security Principles
• User Registration, Authentication, and Authorisation
• Input Validation, Injection Attacks, and XSS
• Session Management and CSRF Protection
• Error Handling, Logging, and Secure Management
• Threat Modelling and Secure Design
• Secure Development Workflows, including AI-assisted code review and AI-related software security risks
Teaching Methods
Teaching Activities
| Category | Activity | Number | Length | Student Hours | Comment |
|---|---|---|---|---|---|
| Guided Independent Study | Assessment preparation and completion | 88 | 1:00 | 88:00 | Preparation and completion of summative coursework and revision of core secure programming principles, including individual consolidation of learning outcomes. |
| Scheduled Learning And Teaching Activities | Lecture | 22 | 1:00 | 22:00 | In-person lectures introducing core secure programming concepts and principles. |
| Guided Independent Study | Assessment preparation and completion | 6 | 0:30 | 3:00 | Preparation for formative quizzes and review of core security concepts. |
| Structured Guided Learning | Lecture materials | 11 | 2:00 | 22:00 | Guided review of lecture materials, readings, and recorded content. |
| Scheduled Learning And Teaching Activities | Practical | 12 | 2:00 | 24:00 | Supervised practical sessions focused on hands-on implementation and analysis of secure web applications. |
| Structured Guided Learning | Structured non-synchronous discussion | 12 | 1:00 | 12:00 | Online discussion and Q&A supporting lecture materials and secure programming problem solving. |
| Guided Independent Study | Independent study | 29 | 1:00 | 29:00 | Independent reading and consolidation of secure programming concepts. |
| Total | 200:00 |
Teaching Rationale And Relationship
Lectures present the fundamental theoretical material underpinning secure software development, supporting the intended knowledge outcomes. Substantial practical sessions enable students to develop the intended skills outcomes through hands-on implementation of secure programming techniques within realistic software scenarios. The combination of teaching activities ensures that both conceptual understanding and applied secure programming skills are developed and can be reliably demonstrated.
Assessment Methods
The format of resits will be determined by the Board of Examiners.
Exams
| Description | Length | Semester | When Set | Percentage | Comment |
|---|---|---|---|---|---|
| Digital Examination | 90 | 1 | M | 40 | Controlled digital examination assessing understanding of core security principles, secure programming concepts, and reasoning about software vulnerabilities. |
Other Assessment
| Description | Semester | When Set | Percentage | Comment |
|---|---|---|---|---|
| Case study | 1 | M | 60 | Programming-based coursework requiring students to design, implement, analyse, and improve secure software solutions within a realistic application context. |
Formative Assessments
Formative assessment develops your skills in being assessed, allows you to receive feedback, and prepares you for being assessed. However, it does not count towards your final mark.
| Description | Semester | When Set | Comment |
|---|---|---|---|
| Computer assessment | 1 | M | Online formative quiz assessing understanding of foundational security concepts and secure programming principles. Provides feedback to support learning and exam preparation. |
Assessment Rationale And Relationship
The summative assessment combines coursework (60%) and a controlled digital examination (40%) to assess both applied secure programming skills and individual understanding of core security principles, while maintaining academic integrity in a context where generative AI tools are widely available.
The case study coursework assesses students’ ability to design, implement, analyse, and improve secure software solutions within a realistic application context. It primarily supports the intended skills outcomes by requiring appropriate programming practices, code reading and reasoning, and the identification and resolution of security issues. Students are expected to critically evaluate any AI-assisted or AI-generated code and remain responsible for the security of their submissions.
The digital exam assesses foundational security concepts and reasoning about secure programming decisions. It supports the intended knowledge outcomes and provides individual verification of learning, ensuring that achievement of the learning outcomes is reliably evidenced even where coursework development may have been assisted by modern tools.
Together, these components provide a balanced and reliable measurement of the learning outcomes, strengthening assessment integrity and AI resilience without altering delivery hours or module scope.
Reading Lists
Timetable
- Timetable Website: www.ncl.ac.uk/timetable/
- CSC2031's Timetable