[an error occurred while processing this directive]
<meta NAME="ROBOTS" CONTENT="index,follow">
<meta NAME="keywords" CONTENT=" fundamental, participant, requirements, attack, language, vulnerabilities, understanding, example, cause, programming, module, vulnerability, level, software, understand, place, problems, mitigation, between, introduce, security, detection, critical, course, during, review, systems, some, code, includes, mathematics, able, department, compositionality, corresponding, descriptions, considerations, insufficient, appropriately, practitioner, exceptional, concurrency, perspective, consequences, attributed, inadequate, situations, incomplete, components, development, methodology, foundations, university, objectives, successful, conceptual, experience, developing, interface, treatment, motivation, threading, motivating, abstraction, throughout, addresses, improving, designing, reviewing, remaining, escalation, eliminate, practical, analysing, fragments, handling, practices, recommended, engineering, moreover, mismatch, operating, computer, arbitrary, execution, privilege, principles, evolving, mitigate, injection, contents, details, knowledge, context, ability, writing, science, sources, arising, relates, explore, detailed, oriented, issues, affinity, oxford, classes, dilemma, channel, threat, models, needed, gained, require">
<meta name="DESCRIPTION" content="Secure Programming course Many security vulnerabilities arise at the programming level These can often be attributed to inadequate handling of exceptional situations, poor understanding of the details of the programming language in use, incomplete descriptions of the interface between components, and insufficient care in the treatment of concurrency and threading issues Moreover, there is often a mismatch between high level security requirements and the corresponding code level requirements This course addresses those problems from a programming perspective in a security context, with the aim of improving the practitioner's ability in designing, writing, and reviewing security critical code ">


<meta name="Edited" content="Fri, 16 May 2025 18:20:01 GMT">
<meta name="Published" content="Fri, 16 May 2025 18:20:06 GMT">

<title>Software Engineering at Oxford | Secure Programming ( SCP )</title>

<!-- icon -->
<link rel="shortcut icon" type="image/ico" href="../favicon.ico">

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">_uacct = "UA-1306673-1";urchinTracker();/*UA-579489-1*/</script>
<META name="verify-v1" content="CwYQSB0rDIbG5v7tQy+2xKxvNEoOxCNSFYYF7mSW7bo=" />
[an error occurred while processing this directive]

<div id="breadcrumb">
   
   <ul class="mainnav">
      <li>
         <a href="/">Computer Science</a></li><li><a href="/softeng/security/">Systems Security</a>
      </li>
      <li>
         <a href="/softeng/courses/">Courses</a>
      </li>
      <li>
         <a href="/softeng/courses/subjects.html">Subjects</a>
      </li>
      <li>
         <span class="youarehere">Secure Programming ( SCP )</span>
      </li>
   </ul>
</div>


<!--
<span id="headerItem">
  <a href="../programme/contact.html" title="Contacts">Contact</a> | 
  <a href="../search/search.jsp" title="Search">Search</a> |
  <a href="../sitemap.html" title="Sitemap">Site map</a> | 
  <a href="https://www.softeng.ox.ac.uk/signin/" title="Sign in">Sign
  in</a>
</span>
-->

<div id="content">

<table cellpadding="0" cellspacing="0" border="0"><tr><td style="width: 75px"><div style="width: 75px;height: 75px"><div style="width: 55px;height: 55px; margin: 10px;-moz-box-shadow: 0px 5px 5px rgba(0,0,0,0.3), -2px 1px 5px rgba(0,0,0,0.3), 2px 1px 5px rgba(0,0,0,0.3); -webkit-box-shadow: 0px 5px 5px rgba(0,0,0,0.3), -2px 1px 5px rgba(0,0,0,0.3), 2px 1px 5px rgba(0,0,0,0.3); box-shadow: 0px 5px 5px rgba(0,0,0,0.3), -2px 1px 5px rgba(0,0,0,0.3), 2px 1px 5px rgba(0,0,0,0.3);-moz-border-radius: 8px;-webkit-border-radius: 8px; border-radius: 8px;" id="SCPBg"><div style="font-size: 14px; font-weight: bold; text-align:center; position: relative; top: 20px; background-color: transparent; color: white">SCP</div></div></div></td><td style="vertical-align:middle"><h1>Secure Programming</h1></td></tr></table>
      <div>
	
	<p>Many security vulnerabilities arise at the programming level. These can often be attributed to inadequate handling of exceptional situations, poor understanding of the details of the programming language in use, incomplete descriptions of the interface between components,  and insufficient care in the treatment of concurrency and threading issues. Moreover, there is often a mismatch between high-level security requirements and the corresponding code-level requirements.

This course addresses those problems from a programming perspective in a security context, with the aim of improving the practitioner's ability in designing, writing, and reviewing security-critical code.</p>
<h4>Course dates</h4>
<center>
<table style="margin-left: 20px" width="95%">
<tr><td width="22%" valign="top">14th July 2025</td><td valign="top">Oxford University Department of Computer Science - Held in the Department</td><td valign="top" width="33%">08 places remaining.</td></tr>
</table>
</center>
<h4>Objectives</h4>
<p>The successful participant will: be able to understand the fundamental sources of vulnerabilities arising at the programming level, and how this relates to evolving threat models; have an understanding of the conceptual tools needed to mitigate and eliminate these vulnerabilities; have gained practical experience in developing and analysing security critical code fragments; be able to place such practices appropriately within a systems development methodology.</p>
<h4>Contents</h4>
<p><ul>
<li>Motivation Explore the causes between some well known software security problems and motivating examples. Define terms used throughout the course.</li>
<li>Foundations of code vulnerabilities: from design to code Introduce vulnerability and attack examples; understand fundamentals of cause, detection during review, and mitigation.</li>
<li>Operating systems considerations and security consequences Introduce vulnerability and attack examples; understand fundamentals of cause, detection during review, and mitigation. This includes, e.g., arbitrary code execution and privilege escalation.</li>
<li>Non-compositionality of security Introduce vulnerability and attack examples; understand fundamentals of cause, detection during review, and mitigation. This includes, e.g., SQL injection and classes of web vulnerabilities.</li>
<li>The abstraction dilemma: Side channel attacks Introduce vulnerability and attack examples; understand fundamentals of cause, detection during review, and mitigation</li>
</ul></p>
<h4>Requirements</h4>
<p>This module does not require prior knowledge of any other modules. However, participants should also have a good, detailed understanding of programming in some language, for example to the level offered by the Object-Oriented Programming module. For understanding the principles behind detection and mitigation, affinity with mathematics is highly recommended, for example as in the Software Engineering Mathematics module.</p>

	
      </div>

<br>

    
[an error occurred while processing this directive]

<!--  mainnav div starts -->
<div id="nav">     
 <h2 id="mainsections">Main sections</h2>
 
 <h2 id="inthissection">Programme</h2>
 <ul class="mainnav" >
  <li>
   <a href="../" title="Return to the Home page" class="menu" >Home</a>
  </li>
  <li>
   <a href="../programme/index.html" title="About the programme" class="menu">About</a>
  </li>
  <li>
   <a href="../programme/history.html" title="The history of the Programme"  class="menu">History</a>
  </li>
  <li>
   <a href="../programme/people.html" title="The people involved" class="menu">People</a>
  </li>
  <li>
   <a href="http://www.cs.ox.ac.uk" title="Department of Computer Science" class="menu">Department</a>
  </li>
  <li>
   <a href="../programme/contact.html" title="Getting in touch" class="menu">Contact us</a>
  </li>
  </ul>
  
  
  <h2 id="inthissection">Courses</h2>
  <ul class="mainnav">
  <li>
   <a href="../courses/" title="About the courses" class="menu">About</a>
  </li>
  <li>
   <a href="../courses/subjects.html" title="Subjects offered" class="currentsection">Subjects</a>
  </li>
  <li>
   <a href="../courses/calendar.html" title="Course dates" class="menu">Calendar</a>
  </li>
  <li>
   <a href="../courses/booking.html" title="How to book a place on a course" class="menu">Booking</a>
  </li>
  </ul>
  
  
  <h2 id="inthissection">Study</h2>
  <ul class="mainnav">
  <li>
   <a href="../study/" title="Flexible, postgraduate study" class="menu">About</a>
  </li>
  <li>
   <a href="../study/awards.html" title="Academic awards" class="menu">Awards</a>
  </li>
  <li>
   <a href="../study/fees.html" title="University fees" class="menu">Fees</a>
  </li>
  <li>
   <a href="../study/apply.html" title="How to apply" class="menu">Applications</a>
  </li>
  <li>
   <a href="../study/collegiate.html" title="Collegiate University" class="menu">Colleges</a>
  </li>
  </ul>
  
  
  <h2 id="inthissection">Resources</h2>
  <ul class="mainnav">
  <li>
   <a href="../handbook/" title="Handbook" class="menu">Handbook</a>
  </li>
  <li>
   <a href="../brochures/" title="Brochures" class="menu">Brochures</a>
  </li>
 </ul>



[an error occurred while processing this directive]