Protect against insecure deserialization (8.2)

Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by providing filters that prevent deserialization of suspect data streams. You can configure these filters from the Deserialization Blacklist landing page, as shown in the following figure.

Deserialization Blacklist landing page

For more information, see Configuring the deserialization filter.
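To show what a deserialization filter of the kind described above does at the byte-stream level, here is an added example that is not Pega's code or API: it uses the JDK's own ObjectInputFilter (Java 9+) with a blacklist-style pattern, and the Greeting and Suspect classes are constructed for the demonstration.

```java
import java.io.*;

// Added illustration (not Pega Platform code): a JDK ObjectInputFilter (JEP 290, Java 9+)
// that rejects a blacklisted class before its readObject() or constructor ever runs.
public class DeserializationFilterDemo {

    // Harmless payload the filter is expected to accept (constructed for the demo).
    static class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Stand-in for a suspect class on the blacklist (constructed for the demo).
    static class Suspect implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Patterns are evaluated left to right, first match wins: reject Suspect,
    // accept JDK core classes and this demo's classes, reject everything else,
    // and cap the object-graph depth so deeply nested streams are refused too.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "!DeserializationFilterDemo$Suspect;"
          + "java.base/*;DeserializationFilterDemo$*;!*;maxdepth=10");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Returns the object if the filter accepts every class in the stream,
    // or null if the filter rejected the stream (surfaced as InvalidClassException).
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);   // must be installed before readObject()
            return ois.readObject();
        } catch (InvalidClassException rejected) {
            System.err.println("rejected by filter: " + rejected.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        Object ok = deserializeFiltered(serialize(new Greeting("hello")));
        System.out.println("accepted: " + ((Greeting) ok).text);
        Object blocked = deserializeFiltered(serialize(new Suspect()));
        System.out.println("blocked: " + (blocked == null));
    }
}
```

The rejected stream never reaches any application code, which is the property a blacklist filter provides; logging the rejection, as done here, is what makes blocked attempts visible to detection.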

Published November 19, 2018 — Updated March 22, 2019
