Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Mitigate common (OWASP Top 10) security vulnerabilities

Updated on July 1, 2021

Pega Platform offers policies on the Security Policies landing page, as well as additional security restrictions that control cross-site request forgery (CSRF), content security policies (CSP), cross-origin resource sharing (CORS), and others. Use these features to ensure that your system is as secure as possible.

  • Complying with regulatory standards

    Regulatory compliance ensures organizations are aware of and take steps to comply with relevant laws, policies, and regulations. Regulatory compliance is when a business follows state, federal, and international laws and regulations relevant to its operations.

  • Understanding cross-site request forgery
  • Understanding dynamic system settings

    To enable greater security in your application, configure the following dynamic system settings to enable greater security in your application before moving your application from development to a production environment.

  • Understanding cross-site scripting

    Cross-site scripting is a client-side code injection attack, in which an attacker can run malicious scripts on a legitimate website or web application.

  • Defining cross-origin resource sharing policies

    Cross-origin resource sharing (CORS) policies define a method that enables a browser and server to interact and determine whether it is safe to allow a cross-origin request. For example, a client using a Pega Marketing application running in a browser, may see advertisements from third-parties, and if they click one of these advertisements, the CORS policy will record that the advertisement was viewed or clicked on.

  • Configuring the deserialization filter

    In Pega Platform, a global filter checks a list of blocked classes that are not allowed to be deserialized. You can add classes to the global deserialization filter to increase the security of your application by preventing unauthorized access.

  • Searching for security vulnerabilities in rules

    The Rule Security Analyzer can find specific JavaScript or SQL coding patterns that might indicate a security vulnerability. The most effective way to search for vulnerabilities is to run the Rule Security Analyzer several times, each time matching against a different regular expression rule. If the Rule Security Analyzer finds problems, you can fix them to make your system more secure.

  • Configuring the Java injection check

    At design time and at run time, Pega Platform checks activities, functions, and stream rules for particular Java injection vulnerabilities.

  • Using Access Control Checks

    Use Access Control Checks to identify broken custom code that must be fixed. During development, it is easy to introduce risks into your application by implementing custom code. By using Access Control Checks, you help proactively fix your code by identifying potential issues.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us