Article
Apr 24, 2019

The security SECU0017 alert is generated when a request is sent to a Pega application and the browser fingerprint is either missing or does not match the expected value. The causes of this alert can include, for example, an attempted cross-site request forgery attack or a session hijacking attack.…

Article
Mar 29, 2019

Pega® Platform provides encryption of sensitive data while the data is at rest. For more information, see Encryption in Pega Platform. This encryption can be performed using a platform cipher or by using a custom cipher that you define. To implement a custom cipher, you create the cipher class,…

Capability
Mar 29, 2019

Find resources a Pega user may need to manage case management within the Pega Platform including case design, "design-by-doing" features, and case manager portal.

Article
Mar 26, 2019

Summary: You can set up an authentication service to override or extend the default Process Commander authentication process. If using an LDAP-compliant server, you specify connection and directory information in the Service tab on the authentication service rule form. You can enter an explicit URL…

Article
Mar 25, 2019

Increase the security of your applications with new features for General Data Protection Regulation (GDPR) compliance, mobile authentication, keystore management, and deserialization protection. (Image: Deserialization blacklist landing page.) The following key features are included in this release of Pega…

Capability
Mar 22, 2019

Find resources a Pega user may need to ensure an application is secure, including managing authentication, setting up authorization, and configuring auditing.

Article
Mar 22, 2019

Test IDs allow Pega application developers to create a unique identifier for each user interface component. Test IDs are unique numerical strings that appear in the markup of an application. An automated test can use the test ID to identify a user interface element and run a test against it. Access…

Article
Mar 22, 2019

The default authentication for Pega Platform™ uses a new type of authentication service. You can customize this service, as for any authentication service type. All authentication services with the basic credentials type include mobile authentication with the OAuth 2.0 protocol and proof key for…

Article
Mar 22, 2019

Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by…

Article
Mar 22, 2019

A new authentication service type allows a guest user to use an application without logging in, and to be prompted to authenticate later in the session. This enhancement supports a scenario such as an online shopping portal where a user can load a shopping cart as a guest and be prompted for…