Mitigate common (OWASP Top 10) security vulnerabilities


Only available versions of this content are shown in the dropdown

Pega Platform offers policies on the Security Policies landing page, as well as additional security controls for cross-site request forgery (CSRF), Content Security Policy (CSP), cross-origin resource sharing (CORS), deserialization, and others. Each control addresses a different class of vulnerability; use them together to reduce your application's exposure to the OWASP Top 10.

  • Complying with regulatory standards

    Regulatory compliance means that an organization knows which state, federal, and international laws, policies, and regulations apply to its operations and takes deliberate steps to follow them.

  • Understanding cross-site request forgery
  • Understanding dynamic system settings

    Configure the following dynamic system settings to harden your application before you move it from development to a production environment.

  • Understanding cross-site scripting

    Cross-site scripting (XSS) is a client-side code injection attack, in which an attacker injects malicious script into a legitimate website or web application so that it runs in other users' browsers with that site's privileges.

  • Defining cross-origin resource sharing policies

    Cross-origin resource sharing (CORS) policies define the method by which a browser and a server interact to determine whether a cross-origin request is safe to allow. For example, a Pega Marketing application running in a browser may display third-party advertisements; when a client clicks one, the browser sends a cross-origin request to record the view or click, and the CORS policy decides whether that request's origin is permitted. Only origins on the allow list should be accepted; reflecting arbitrary origins defeats the purpose of the policy.

  • Configuring the deserialization filter

    In Pega Platform, a global deserialization filter holds a list of blocked classes that are not allowed to be deserialized; a stream containing one of them is rejected before the object is instantiated. You can add classes to the global filter to protect your application against insecure deserialization, in which a crafted serialized object triggers unintended code paths (gadget chains) when it is read. Because a block list only stops classes already on it, review the list whenever you add libraries to the classpath.

  • Searching for security vulnerabilities in rules

    The Rule Security Analyzer can find specific JavaScript or SQL coding patterns that might indicate a security vulnerability. The most effective way to search for vulnerabilities is to run the Rule Security Analyzer several times, each time matching against a different regular expression rule. If the Rule Security Analyzer finds problems, you can fix them to make your system more secure.

  • Configuring the Java injection check

    At design time and at run time, Pega Platform checks activities, functions, and stream and validation rules for particular Java injection vulnerabilities. You can extend the default behavior to check for additional vulnerabilities.

  • Using Access Control Checks

    Use Access Control Checks to find custom code whose access control is broken and must be fixed. Custom code written during development easily introduces such risks; running the checks surfaces potential issues so that you can fix them proactively rather than after an incident.
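
The CORS decision described under "Defining cross-origin resource sharing policies" above, written out as an added example in plain Java (this is not Pega code and does not use the Pega CORS configuration). The allow-list of origins and methods is constructed for the example; the server echoes only an exact allowed origin, never reflects the `null` origin that sandboxed documents send, and handles the preflight `OPTIONS` request separately.

```java
import java.util.*;

/**
 * Added example (not Pega code): the decision a CORS policy encodes.
 * The server holds an explicit allow-list of origins; the browser sends the
 * Origin header; the response headers tell the browser whether the
 * cross-origin call is permitted.
 */
public class CorsPolicy {
    private final Set<String> allowedOrigins;  // exact origins: scheme + host + port
    private final Set<String> allowedMethods;

    public CorsPolicy(Collection<String> origins, Collection<String> methods) {
        this.allowedOrigins = Set.copyOf(origins);
        this.allowedMethods = Set.copyOf(methods);
    }

    /**
     * Returns the CORS response headers for a request. If the origin (or, on a
     * preflight, the requested method) is not allowed, only "Vary: Origin" is
     * returned, so the browser blocks the response.
     */
    public Map<String, String> evaluate(String origin, String method, String requestedMethod) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Always vary on Origin so a cache never serves one origin's answer to another.
        headers.put("Vary", "Origin");
        // "null" is what browsers send for sandboxed or data: documents; never reflect it.
        if (origin == null || "null".equals(origin) || !allowedOrigins.contains(origin)) {
            return headers;
        }
        boolean preflight = "OPTIONS".equals(method) && requestedMethod != null;
        if (preflight && !allowedMethods.contains(requestedMethod)) {
            return headers;  // method not on the allow-list: refuse the preflight
        }
        // Echo the exact allowed origin; "*" must never be combined with credentials.
        headers.put("Access-Control-Allow-Origin", origin);
        headers.put("Access-Control-Allow-Credentials", "true");
        if (preflight) {
            headers.put("Access-Control-Allow-Methods", String.join(", ", allowedMethods));
            headers.put("Access-Control-Max-Age", "600");
        }
        return headers;
    }

    public static void main(String[] args) {
        // Constructed allow-list for the example.
        CorsPolicy policy = new CorsPolicy(
            List.of("https://ads.example.net"), List.of("GET", "POST"));
        System.out.println(policy.evaluate("https://ads.example.net", "OPTIONS", "POST"));
        System.out.println(policy.evaluate("https://ads.example.net", "OPTIONS", "DELETE"));
        System.out.println(policy.evaluate("https://evil.example.org", "POST", null));
        System.out.println(policy.evaluate("null", "GET", null));
    }
}
```

The first call returns the full preflight response; the other three return only `Vary: Origin`, which is the correct way to refuse a cross-origin request: the browser sees no `Access-Control-Allow-Origin` header and withholds the response from the page.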

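The block-list filter described under "Configuring the deserialization filter" above, as an added example using the JDK's `ObjectInputFilter` (Java 9 or later); this is not Pega's filter or its configuration format. `Gadget` and `Safe` are constructed stand-ins: a real block list names known gadget-chain classes. The example also shows the stricter allow-list form, which rejects everything not explicitly named.

```java
import java.io.*;

/**
 * Added example (not Pega code): a JDK ObjectInputFilter with a block list,
 * the same shape as Pega's global deserialization block list, beside an
 * allow-list variant. Rejected classes are never instantiated.
 */
public class DeserializationFilterDemo {
    /** Constructed stand-in for a dangerous class (in practice a gadget-chain entry point). */
    static class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        String command = "whoami";
    }

    /** Harmless data class that the application legitimately deserializes. */
    static class Safe implements Serializable {
        private static final long serialVersionUID = 1L;
        int value = 42;
    }

    // Block list: each "!name" rejects that class; everything else is allowed.
    // maxdepth caps object-graph depth so a deeply nested payload cannot exhaust the stack.
    static final ObjectInputFilter BLOCK_LIST = ObjectInputFilter.Config.createFilter(
        "!" + Gadget.class.getName() + ";maxdepth=20");

    // Allow list: only Safe and the java.lang / java.util basics pass; "!*" rejects the rest.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
        Safe.class.getName() + ";java.lang.*;java.util.*;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserializes under the given filter; returns null when the filter rejects the stream. */
    static Object deserialize(byte[] bytes, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(filter);  // must be set before the first readObject()
            return in.readObject();
        } catch (InvalidClassException rejected) {
            // The filter returned REJECTED: the class was checked, not constructed.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] gadget = serialize(new Gadget());
        byte[] safe = serialize(new Safe());
        System.out.println("gadget under block list: " + deserialize(gadget, BLOCK_LIST)); // null
        System.out.println("safe under block list:   " + deserialize(safe, BLOCK_LIST));   // object
        System.out.println("gadget under allow list: " + deserialize(gadget, ALLOW_LIST)); // null
        System.out.println("safe under allow list:   " + deserialize(safe, ALLOW_LIST));   // object
    }
}
```

The allow list is the stronger control: a new gadget class added to the classpath is still rejected by `!*`, whereas the block list only stops what has already been named on it.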
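The kind of regular-expression pass that "Searching for security vulnerabilities in rules" above describes, as an added example; this is not the Rule Security Analyzer itself and its patterns are constructed for illustration. Each pattern is matched separately over the source, mirroring the recommendation to run the analyzer once per regular expression rule, and every hit is reported with the pattern name and line number. The sample rule source is constructed and embedded inline (Java 16 or later, for records).

```java
import java.util.*;
import java.util.regex.*;

/**
 * Added example (not the Rule Security Analyzer): a regex scanner over rule
 * source that flags common SQL and JavaScript injection patterns.
 */
public class RuleSourceScanner {
    /** A named check: what it flags and the regex that finds it. */
    record Check(String name, Pattern regex) {}

    /** One hit: which check fired, on which line, and the offending text. */
    record Finding(String check, int line, String text) {}

    // Constructed patterns that mirror typical findings; tune them to your own code base.
    static final List<Check> CHECKS = List.of(
        new Check("SQL built by string concatenation",
            Pattern.compile("(?i)(select|insert|update|delete)\\b[^;]*\"\\s*\\+")),
        new Check("JavaScript eval / Function on dynamic input",
            Pattern.compile("\\b(eval|new\\s+Function)\\s*\\(")),
        new Check("HTML sink (innerHTML / document.write)",
            Pattern.compile("\\.(innerHTML|outerHTML)\\s*=|document\\.write\\s*\\(")),
        new Check("Java Runtime.exec",
            Pattern.compile("Runtime\\.getRuntime\\(\\)\\.exec\\s*\\("))
    );

    /** Runs every check over the source, one regex at a time, like repeated analyzer runs. */
    static List<Finding> scan(String source) {
        List<Finding> findings = new ArrayList<>();
        String[] lines = source.split("\\R");
        for (Check c : CHECKS) {
            for (int i = 0; i < lines.length; i++) {
                if (c.regex().matcher(lines[i]).find()) {
                    findings.add(new Finding(c.name(), i + 1, lines[i].trim()));
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed snippets standing in for activity and stream rule source.
        // Lines 2 and 4 are the safe counterparts and must not be flagged.
        String source = String.join("\n",
            "String sql = \"select * from pc_work where pyID = '\" + workId + \"'\";",
            "String safe = \"select * from pc_work where pyID = ?\";",
            "document.getElementById('out').innerHTML = userText;",
            "document.getElementById('out').textContent = userText;",
            "eval(param);",
            "Runtime.getRuntime().exec(cmd);");
        for (Finding f : scan(source)) {
            System.out.printf("line %d [%s]: %s%n", f.line(), f.check(), f.text());
        }
    }
}
```

Lines 1, 3, 5 and 6 of the sample are reported; the parameterized query on line 2 and the `textContent` assignment on line 4 are not. As with the analyzer, a hit is a candidate for review, not proof of a vulnerability, and a quiet scan does not prove the absence of one.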