These tasks are not part of the core Security Checklist because they do not apply to all applications. You should review these tasks whenever you use custom code in your application to mitigate risks.
If your application includes custom Java or custom HTML written by your project team, there are special tasks you must perform to secure that code.
- Eliminate vulnerabilities in custom code
- Remove vulnerabilities immediately to avoid wasting time refactoring and retesting your work.
For more information, see:
- Secure HTML if it exists in your application
- Keep your application guardrail-compliant and do not include custom (non-autogenerated) HTML. However, if you do include custom HTML, follow Pega guidelines to minimize security vulnerabilities in your application.
For more information, see Security guidelines for custom HTML.