Article

Aug 13, 2019

Increase the security of your applications with new features for General Data Protection Regulation (GDPR) compliance, mobile authentication, keystore management, and deserialization protection. Deserialization blacklist landing page The following key features are included in this release of Pega…

Article

Aug 13, 2019

Pega Platform™ supports two-factor authentication by sending a one-time password (OTP) to a user through email. The user must enter this one-time password in your Pega Platform application for verification. Two-factor authentication is supported for the following use cases: In custom authentication…

Article

Aug 12, 2019

Pega ® Platform provides encryption of sensitive data while the data is at rest. For more information, see Encryption in Pega Platform . This encryption can be performed using a platform cipher or by using a custom cipher that you define. To implement a custom cipher, you create the cipher class,…

Article

Aug 12, 2019

The security alert SECU0018 is generated when a potential Java injection vulnerability is found in a rule that was created before version 8.3 and the dynamic system setting security/enableJavaInjectionMitigation is not defined or is set to false. For more information, see Configuring the Java…

Article

Aug 12, 2019

As an administrator, senior system architect, or lead system architect, your goal is to ensure the confidentiality, integrity, and availability of your application during development and before you move it to production. Unauthorized individuals should not have access to the application or the data…

Article

Aug 12, 2019

As a best practice, before moving your application from development to a production environment, configure these dynamic system settings to enable greater security in your application. The settings shown below with the prefix "prconfig" can also be set on a per-node basis in the prconfig.…

Article

Aug 12, 2019

Data encryption in Pega Platform™ gives sensitive data in your applications an additional layer of security while preserving critical Pega Platform functionality. Data encryption makes it easier to comply with privacy policies, regulatory requirements, and contractual obligations for handling…

Article

Aug 12, 2019

Authentication in Pega Platform™ ensures that only users and systems whose identity has been verified can access resources such as web pages, APIs, and data. Examples of authentication in Pega Platform include user logins, platform requests to external services, and external service requests to the…

Article

Aug 9, 2019

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at runtime.  You can customize Pega Platform to check for vulnerabilities in addition to the defaults. The following figure shows a design-time notification of a Java…

Article

Aug 9, 2019

You can now create keystores that reference keys from key management services such as Microsoft Azure Key Vault, HashiCorp Vault, and Google Cloud KMS, in addition to Amazon KMS. You can also create a keystore that references keys other other key management services through the use of a data page.…