Secure Coding in introductory computing*

We created these materials with the expectation that they (or a subset of them) could be used in a closed laboratory setting as part of a CS1 or CS2 course. We have created several serious games that we expect students could play for a few minutes at the start of the laboratory, as a means to get acquainted with the secure coding topic. Students could then complete the laboratory exercises (or a subset of the laboratory exercises), providing an opportunity to learn about a particular secure coding topic in C++/Java. It is important to note that we use secure coding as a context in which to teach various CS topics.

Each of the laboratory exercises contains a well-known coding disaster. While it is not essential to cover this disaster as part of your laboratory, we believe that it adds a sense of realism to the secure coding topic, and helps students to realize that programming securely really does matter.

Ultimately, secure coding is a mindset rather than a particular set of dos and don'ts. But, we believe that students can start to develop a "security mindset" as they begin to learn to program as part of CS1/CS2.

Please note that these materials are copywritten. You are welcome to use these materials in your classes and with your students. If you wish to use these materials for other purposes (for example, as part of an NSF grant application, publishing them somewhere, etc.), you must first request and receive permission.

Computer Science topic Secure coding topic Language Materials Game
Arrays Array index out of bounds C++ doc, pdf, code game link
Data types Rounding errors C++ docx, pdf, code
Data types Rounding errors Java doc, pdf, code
Functions (using library functions) Checking return values C++ docx, pdf, code game link
Operator precedence Operator precedence C++ docx, pdf, code game link
Parameter passing and the call stack Buffer overruns C++ Stack going up:docx, pdf
Stack going down:docx, pdf
game link
Representation of integers Integer overflow C++ docx, pdf, code game link
Representation of integers Integer overflow Java docx, pdf, code game link
Strings Input validation C++ doc, pdf, code game link
Exceptions Input validation Java docx, pdf, code game link

Instructors: Please email me for solutions.
Some of our colleagues have created secure coding materials, and we encourage you to also take a look at their materials:

* This work is supported in part by NSF DUE-1022557. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily represent the views of the National Science Foundation (NSF). See 1022557 for more detail about the award.