Application Security tools in PEGA
Hi All,
Are there any tools in PEGA which gives a security report like how we have guardrail report which checks the code quality? I heard there is a tool which we need to manually run and it gives a report on how secure your application is based on the DSS settings we do.
Did i hear it rite? If yes, Can anyone give me more details on it or redirect to any reference document /link which gives a clear idea on this?
I am using PEGA 7.1.8
Accepted Solution
Pegasystems Inc.
US
Hi,
I haven't heard of any dedicated tool which can be run on Pega applications on runtime in order to get a security report. (like Thirdparty penetration tests, or security scans run)
However, to help you make your Pega 7 Platform applications more secure, you can run the Rule Security Analyzer. This tool searches through non-autogenerated rules to find specific JavaScript or SQL coding patterns that may indicate a security vulnerability. (will not operate on rules in standard Pega- Rulesets)
Check out the criteria and prerequisites -
Also during runtime, you can make use of PegaALERTS log which would log few SECUXXX alerts based on the different security use-cases. (like invalid chars detected, CSRF attack detected and many others)
Refer to Security alerts section for the list of alerts and individual alert details
Hope this helps!
Accenture
IN
Hi All,
Thank you for the information. I thought there is a dedicated tool apart from Rule Security Analyzer. My client is looking for internal build tool or else he wants us to integrate with external security tools. No issues will explore more on the Rule Security Analyzer tool and the alert files.
Thank you once again.
CollabPartnerz
IN
Below link might be helpful.
https://community.pega.com/knowledgebase/articles/overview-performance-tools-pal