Security Checklist for custom code


These tasks are not part of the core Security Checklist because they do not apply to all applications. To mitigate risks, review these tasks whenever you use custom code in your application.

If your application includes custom Java or custom HTML written by your project team, there are special tasks you must perform to secure that code.

Eliminate vulnerabilities in custom code
Run the Rule Security Analyzer weekly to search through custom (non-autogenerated) code in your rules. This utility finds specific JavaScript or SQL coding patterns that might indicate a security vulnerability.
Remove vulnerabilities immediately to avoid wasting time refactoring and retesting your work.

For more information, see:

Secure HTML if it exists in your application
Keep your application guardrail-compliant and do not include custom (non-autogenerated) HTML. However, if you do include custom HTML, follow Pega guidelines to minimize security vulnerabilities in your application.

For more information, see Security guidelines for custom HTML.
