Security Checklist for custom code
These tasks are not part of the core Security Checklist because they do not apply to all applications. To mitigate risks, review these tasks whenever you use custom code in your application.
If your application includes custom Java or custom HTML written by your project team, there are special tasks you must perform to secure that code.
- Eliminate vulnerabilities in custom code
  - Run the Rule Security Analyzer weekly to search through custom (non-autogenerated) code in your rules. This utility finds specific JavaScript or SQL coding patterns that might indicate a security vulnerability.
  - Remove vulnerabilities immediately to avoid wasting time refactoring and retesting your work.
For more information, see:
- Secure HTML if it exists in your application
  - Keep your application guardrail-compliant and do not include custom (non-autogenerated) HTML. However, if you do include custom HTML, follow Pega guidelines to minimize security vulnerabilities in your application.

  For more information, see Security guidelines for custom HTML.