Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Security guidelines for test environments

Updated on July 1, 2021

As a best practice, configure the application server in your test environment to mirror a production environment configuration.

Use the following guidelines to minimize security vulnerabilities that can happen on the server side in your application:

  • Prevent the application server from serving files to unauthorized users.
  • Disable application server directory traversals. For example, eliminate the ability to insert “../” or “..\” into directory paths.
  • Disable directory listings on the application server.
  • Verify that no extraneous ports are open on the application server or on the firewall that protects the application server.
  • Disable HTTP methods that your application does not use, including HEAD, TRACE, and TRACK. By default, Pega Platform uses POST and GET.
  • Remove the web server banner from the Server field in the HTTP response header so that you do not share the type and version of your application server with users.
  • Disable sample applications, their supporting files, and permissions when they are no longer used. This action prevents users who know the sample application credentials from logging in to your system.
  • Previous topic Preparing your application for secure deployment
  • Next topic Adding the Security Checklist to an application created before 7.3.1

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us