Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Mitigating common security vulnerabilities

Updated on July 1, 2021

In addition to the policies on the Security Policies landing page, Pega Platform offers additional security restrictions that control cross-site request forgery (CSRF), content security policies (CSP), cross-origin resource sharing (CORS), and others. Use these features to ensure that your system is as secure as possible.

  • Understanding Cross-Site Request Forgery (CSRF)
  • Using HTTP response headers

    To improve the security of your application against client-based attacks, you can use the HTTP response headers that are supported by your browser.

  • Defining cross-origin resource sharing (CORS) policies

    Cross-origin resource sharing (CORS) policies define a method that enables a browser and server to interact and determine whether it is safe to allow a cross-origin request. For example, a client using a Pega Marketing application running in a browser, may see advertisements from third-parties, and if they click one of these advertisements, the CORS policy will record that the advertisement was viewed or clicked on.

  • Securing your application with a content security policy

    You can use content security policies to indicate from where your application can load resources, which makes your application more secure. To view or update the content security policies in your application, or to view the content security policies that are available in Pega Platform, do one of the following actions.

  • Configuring the deserialization filter

    In Pega Platform, a global filter checks a list of blocked classes that are not allowed to be deserialized. You can add classes to the global deserialization filter to increase the security of your application by preventing unauthorized access.

  • Searching for security vulnerabilities in rules

    The Rule Security Analyzer can find specific JavaScript or SQL coding patterns that might indicate a security vulnerability. The most effective way to search for vulnerabilities is to run the Rule Security Analyzer several times, each time matching against a different regular expression rule. If the Rule Security Analyzer finds problems, you can fix them to make your system more secure.

  • Configuring the Java injection check

    At design time and at run time, Pega Platform checks activities, functions, and stream rules for particular Java injection vulnerabilities.

Related articles

Defining security policiesPreparing your application for secure deploymentOAuth 1.0 clientsStoring case attachments using external storageConfiguring external storage options for attachmentsSecuring the Pega API

Tags

Pega Platform 8.4 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us