Computing · Secondary 4

Active learning ideas

Defensive Programming: Error Handling and Logging

Active learning works well here because students need hands-on experience to understand how errors affect programs and how logging reveals hidden issues. By writing and testing their own error handlers, they see resilience in action rather than just hearing about it.

MOE Syllabus OutcomesMOE: Cybersecurity - S4MOE: Defensive Programming - S4
25–45 minPairs → Whole Class4 activities

Activity 01

Problem-Based Learning30 min · Pairs

Pair Programming: Error Handler Challenge

Pairs receive a vulnerable function processing user inputs. They add input validation and try-except blocks to handle exceptions gracefully. Test with edge cases like empty strings or invalid numbers, then swap code for peer review.

Explain the importance of proper error handling in preventing system vulnerabilities.

Facilitation TipDuring Pair Programming: Error Handler Challenge, circulate and ask pairs to explain their error handling choices before they run the code, forcing them to justify their defensive strategies.

What to look forPresent students with short Python code snippets containing common errors (e.g., division by zero, file not found). Ask them to write the try-except block needed to handle each specific error gracefully and print a user-friendly message.

AnalyzeEvaluateCreateDecision-MakingSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 02

Problem-Based Learning45 min · Small Groups

Small Groups: Logging Scenarios

Groups implement logging in a simulated banking app for transactions. Use logging levels (DEBUG, INFO, ERROR) to record events. Introduce faults like failed logins, review logs to trace issues, and discuss audit usefulness.

Analyze how logging can assist in detecting and responding to security incidents.

Facilitation TipFor Logging Scenarios, provide a template with placeholder severity levels and timestamps so students focus on selecting the right level instead of formatting details.

What to look forProvide students with a scenario describing a potential security vulnerability (e.g., SQL injection attempt). Ask them to describe: 1) How poor error handling might expose this vulnerability, and 2) What specific information they would log to help detect and investigate such an attempt.

AnalyzeEvaluateCreateDecision-MakingSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 03

Problem-Based Learning35 min · Whole Class

Whole Class: Attack Simulation Demo

Display a live demo of an app with poor handling under attack inputs. Class predicts failures, then implements fixes collectively via shared code editor. Analyze generated logs to reconstruct the attack sequence.

Construct a strategy for implementing secure error handling and logging in a software application.

Facilitation TipIn the Attack Simulation Demo, replay the same attack twice: once with poor error handling and once with robust logging, so students directly compare the outcomes.

What to look forFacilitate a class discussion: 'Imagine you are building a user registration system. What are three critical events you would log, and what severity level would you assign to each? Justify your choices, considering both security and performance.'

AnalyzeEvaluateCreateDecision-MakingSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 04

Problem-Based Learning25 min · Individual

Individual: Log Analysis Hunt

Provide buggy code output with logs from test runs. Students identify error sources, propose handlers, and rewrite sections. Share findings in a class gallery walk for feedback.

Explain the importance of proper error handling in preventing system vulnerabilities.

Facilitation TipDuring Log Analysis Hunt, assign each student a different log file snippet to analyze, then have them present their findings to the class for peer learning.

What to look forPresent students with short Python code snippets containing common errors (e.g., division by zero, file not found). Ask them to write the try-except block needed to handle each specific error gracefully and print a user-friendly message.

AnalyzeEvaluateCreateDecision-MakingSelf-ManagementRelationship Skills
Generate Complete Lesson

A few notes on teaching this unit

Teachers should model debugging live, showing how unhandled exceptions disrupt programs while handled ones allow graceful exits. Avoid teaching logging as a standalone task; instead, tie it to real incidents like failed logins or corrupted files. Research shows students grasp defensive programming better when they experience the consequences of weak defenses firsthand in controlled environments.

Students will confidently implement try-except blocks to handle common exceptions, validate inputs for security, and use the logging module to record events at appropriate severity levels. They will explain why these practices matter for security and performance in real-world applications.

Watch Out for These Misconceptions

  • During Pair Programming: Error Handler Challenge, watch for students who think crashing the program is the only way to know something went wrong.

    Ask pairs to compare their handled programs with unhandled versions, then discuss how graceful exits prevent attackers from gaining system access or seeing error details.

  • During Logging Scenarios, watch for students who believe print statements are as effective as logging modules for security purposes.

    Have students review logs generated by print statements versus the logging module, highlighting missing timestamps, severity levels, and security risks in exposed data.

  • During whole-class discussions about logging verbosity, watch for students who assume more logs are always better.

    Guide students to examine log configs in the Logging Scenarios activity, then revise them to balance detail with security and storage constraints.

Methods used in this brief

More in Cybersecurity and Defense

Introduction to Cybersecurity: Why it Matters

Understanding the importance of cybersecurity in protecting personal and organizational data in the digital age.

2 methodologies

Threat Landscape: Malware and Viruses

Classifying different types of cyber threats, including viruses, worms, and ransomware, and their modes of operation.

3 methodologies

Social Engineering and Phishing

Examining human-based cyber threats like phishing, pretexting, and baiting, and strategies to identify and avoid them.

3 methodologies

Authentication and Authorization

Understanding different methods of user authentication (passwords, biometrics, multi-factor) and authorization.

2 methodologies

Encryption Fundamentals: Symmetric Encryption

Understanding symmetric encryption, where the same key is used for both encryption and decryption.

2 methodologies