Article

Sep 23, 2019

The SECU0009 security alert is generated when a browser reports a violation of your application's Content Security Policy. The alert message describes the violation as an attempt by an untrusted source to load content. If the content should be blocked, remove the reference to the blocked…

Article

Sep 16, 2019

Data encryption in Pega Platform™ gives sensitive data in your applications an additional layer of security while preserving critical Pega Platform functionality. Data encryption makes it easier to comply with privacy policies, regulatory requirements, and contractual obligations for handling…

Article

Sep 10, 2019

As a best practice, before moving your application from development to a production environment, configure these dynamic system settings to enable greater security in your application. The settings shown below with the prefix "prconfig" can also be set on a per-node basis in the prconfig.…

Article

Aug 26, 2019

You can integrate Pega ® Platform with your private Amazon Web Services Key Management Service (AWS KMS) account to manage the keys that encrypt and decrypt BLOBs and property values. You can create, delete, and control the keys that are used to encrypt your data. By using AWS KMS, you do not need…

Article

Aug 26, 2019

You can use authorization, or access control, features in Pega Platform™ to restrict user actions. You can use role-based access control or attribute-based access control to restrict the following types of user access and actions: Accessing portions of the user interface (harnesses, controls) and…

Article

Aug 22, 2019

Application and data security are major concerns of information technology organizations today. Inadequate security can prevent your application from being deployed. Security failures in deployment can expose your organization to severe consequences, from loss of customers and of your organization’…

Article

Aug 21, 2019

Cross-Site Request Forgery (CSRF) is an attack that forces a user to execute unwanted actions on a web application in which the user is currently authenticated. CSRF specifically targets state-changing requests, not theft of data, because the attacker cannot see the response to the forged request.…

Article

Aug 21, 2019

Summary By simply creating a model and a trigger rule, you can generate history memos that automatically audit field-level changes to both rules and data instances. For example, you can create a model and trigger that will track changes to user RuleSet lists in an access group. Pega Platform™ also…

Article

Aug 21, 2019

Pega Platform™ offers comprehensive features for security information and event management (SIEM) for performing the following activities: Monitoring all security-related activity in the system Creating reports that analyze patterns of system usage Identifying patterns of suspicious behavior…

Article

Aug 21, 2019

Pega Platform™ provides encryption of sensitive data while the data is at rest. For more information, see Encryption in Pega Platform . This encryption can be performed using a platform cipher or by using a custom cipher that you define. To implement a custom cipher, you create the cipher class,…