CompTIA CySA+ CS0-003: Secure coding best practices

The Open Worldwide Application Security Project (OWASP) publishes the Secure Coding Practices Quick Reference Guide, which condenses secure coding requirements into an easy reference. It is a great tool for development teams to quickly understand and refer to for secure coding practices. For the purposes of the cybersecurity analyst exam, you need to know input validation, output encoding, session management, authentication, data protection, and parameterized queries within secure coding best practices.

The OWASP Secure Coding Practices guide organizes its best practices into checklists to help ensure everything is covered. Input validation, for example, includes items such as: validate data range, validate expected data types, specify proper character sets, identify data sources and classify them into trusted and untrusted, validate all input against a white list of allowed characters when possible, and much more. Output encoding includes: conduct all encoding on a trusted system, utilize a standard, tested routine for each type of outbound encoding, encode all characters unless they are known to be safe for the intended interpreter, sanitize output of untrusted data to queries for SQL, XML, and LDAP, and more. The reference guide can be downloaded/viewed here.
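The following added example (not taken from the OWASP guide or from this page) shows three of the checklist items working together in Python: input validation by type, range and allowed characters, a parameterized query, and output encoding with a standard routine. The table layout, field limits and sample rows are assumptions made for the illustration.

```python
import html
import re
import sqlite3

# Assumed policy: usernames are 3-20 characters from a fixed allow list.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

def validate_username(raw):
    """Input validation: expected type, character set and length."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("username rejected by allow list")
    return raw

def validate_age(raw):
    """Input validation: expected data type, then data range (assumed 13-120)."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("age must be ASCII digits")
    age = int(raw)
    if not 13 <= age <= 120:
        raise ValueError("age out of range")
    return age

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, bio TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "<script>alert(1)</script>"), ("bob", "likes tea")])
    return db

def find_bio(db, name):
    """Parameterized query: the value is bound, never concatenated into SQL."""
    row = db.execute("SELECT bio FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

def render_bio(bio):
    """Output encoding with the standard library routine for the HTML context."""
    return "<p>" + html.escape(bio, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    # Stored markup is encoded on output instead of being sent to the browser raw.
    print(render_bio(find_bio(db, validate_username("alice"))))
    # Even if validation were skipped, the bound parameter is compared as plain data.
    print(find_bio(db, "x' OR '1'='1"))
```

Validation and parameter binding are independent layers: the allow list rejects the malformed name before it reaches the database, and the bound parameter keeps the query safe even for values the allow list permits.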