Explore KSACs by Pathway
In late 2025, the Partnership pulled together members of industry from across tech to share how the in-demand skillsets for entry-level roles in their fields have changed in the last two years. The Knowledge, Skills & Abilities and Credentials (KSACs) below reflect their feedback on entry-level expectations, especially in a tech workplace increasingly shaped by AI.
10. Secure Coding Principles
| Label | KSAC Description | KSA Type | Bloom's Taxonomy Level |
|---|---|---|---|
| a | Identify common coding errors that lead to insecure programs (e.g., buffer overflows, memory leaks, malicious code) and apply strategies for avoiding such errors. | skill | 3 |
| b | Knowledge of principles of cybersecurity. | knowledge | 2 |
| c | Understanding of secure coding principles. | knowledge | 3 |
| d | Apply the principles of least privilege, defensive programming, and fail-safe defaults. | ability | 3 |
| e | Ability to determine what information can and, more importantly, cannot be logged (e.g., compliance considerations). | knowledge | 2 |
| f | Write code with logging capabilities. | skill | 2 |
| g | Awareness of defensive programming. | knowledge | 1 |
| h | Understand the basics of securing web apps: SQL injection and other input validation (parameterized queries, ORM safety, and input sanitization). | knowledge | 3 |
| i | Ability to determine the origins of open source code. | ability | 3 |
| j | Understand software bill of materials (SBOM). | knowledge | 2 |
| k | Understanding and contextualizing sectoral differences between developing for public sector and private sector. | knowledge | 2 |
| l | Understand supply-chain security (dependency risks, package integrity). | knowledge | 1 |
| m | Understand secure API design, authentication flows (OAuth2, JWT), and session handling. | knowledge | 1 |
Credentials
- N/A
