Skip to main content

Table of Contents

Implementing security guidelines for test environments


Only available versions of this content are shown in the dropdown

As a best practice, configure the application server in your test environment so it mirrors a production environment configuration.

Use the following guidelines to minimize security vulnerabilities on the server side in your application:

  • Prevent the application server from serving files to unauthorized users.
  • Disable application-server directory traversals. For example, eliminate the ability to insert ../ or ..\ into directory paths.
  • Disable directory listings on the application server.
  • Verify that no extraneous ports are open on the application server or on the firewall that protects the application server.
  • Disable HTTP methods that your application does not use, including HEAD, TRACE, and TRACK. By default, Pega Platform uses POST and GET.
  • Remove the web server banner from the Server field in the HTTP response header. This ensures that you do not share the type and version of your application server with users.
  • Disable sample applications, their supporting files, and permissions when they are no longer used. This prevents users from logging in to your system with sample application credentials.
Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us