Mitigate common (OWASP Top 10) security vulnerabilities
Pega Platform offers policies on the Security Policies landing page, as well as additional security restrictions that control cross-site request forgery (CSRF), content security policies (CSP), cross-origin resource sharing (CORS), and others. Use these features to ensure that your system is as secure as possible.
- Complying with regulatory standards
Regulatory compliance ensures organizations are aware of and take steps to comply with relevant laws, policies, and regulations. Regulatory compliance is when a business follows state, federal, and international laws and regulations relevant to its operations.
- Understanding cross-site request forgery
- Understanding dynamic system settings
To enable greater security in your application, configure the following dynamic system settings to enable greater security in your application before moving your application from development to a production environment.
- Understanding cross-site scripting
Cross-site scripting is a client-side code injection attack, in which an attacker can run malicious scripts on a legitimate website or web application.
- Defining cross-origin resource sharing policies
Cross-origin resource sharing (CORS) policies define a method that enables a browser and server to interact and determine whether it is safe to allow a cross-origin request. For example, a client using a Pega Marketing application running in a browser, may see advertisements from third-parties, and if they click one of these advertisements, the CORS policy will record that the advertisement was viewed or clicked on.
- Configuring the deserialization filter
In Pega Platform, a global filter checks a list of blocked classes that are not allowed to be deserialized. You can add classes to the global deserialization filter to increase the security of your application by preventing unauthorized access.
- Searching for security vulnerabilities in rules
- Configuring the Java injection check
At design time and at run time, Pega Platform checks activities, functions, and stream and validation rules, for particular Java injection vulnerabilities. Extend the default behavior to check for additional vulnerabilities.
- Using Access Control Checks
Use Access Control Checks to identify broken custom code that must be fixed. During development, it is easy to introduce risks into your application by implementing custom code. By using Access Control Checks, you help proactively fix your code by identifying potential issues.