A Framework for Integrating Secure Coding Principles into Undergraduate Programming Curricula

  • Sandile Ngwenya
  • Lynn Futcher
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1136)


The rise in internet use has led to significant growth in software applications for conducting business, entertainment and socialising, which in turn has led to a higher rate of attacks on software applications. This problem has led to industry requiring software developers skilled in developing software in a secure manner. The problem that industry faces is that many software development graduates do not have the requisite knowledge in secure programming. Academia should thus address these needs of industry by integrating secure coding principles into undergraduate programming curricula. In South Africa, however, this is often not formally done. This paper suggests some secure coding principles that could be integrated into programming curricula, together with various integration approaches and related challenges. It presents a framework for integrating secure coding principles into undergraduate programming curricula to ensure the formal planning and ‘buy-in’ of academic staff at all levels. The purpose of the framework is to guide computing faculties on ‘what’ secure coding principles to teach and ‘where’ to teach them.


Keywords: Undergraduate curricula; Secure coding principles; Secure programming



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Department of IT, Nelson Mandela University, Port Elizabeth, South Africa
