Question
CNSI
US
Last activity: 18 Dec 2024 5:08 EST
Vulnerability testing process for application on premise
We have a requirement to do vulnerability testing in a Pega 8.8.2 on-premise environment. Can someone please guide us on this?
Accepted Solution
Updated: 18 Dec 2024 5:09 EST
Pegasystems Inc.
GB
@RameshP8036 Please clarify what your requirement is.
Each new release of Pega Infinity includes security fixes. Clients are encouraged to upgrade to the latest release of Pega Infinity and apply all hotfixes. The applications our clients build with Pega Platform do vary, and we recommend that clients conduct their supplemental penetration testing.
Regarding the Veracode scan: Pega does Veracode scanning for Platform Infinity release or other product. You can find out more here:
https://www.veracode.com/verified/directory/pegasystemsInc..
For the specific query on Veracode scanning, you can refer to the Veracode documentation: Upload a packaged application | Veracode Docs
If you have any specific concerns about your environment, please log a support incident via the MSP so that our GCS team can help investigate.
Updated: 3 Oct 2024 10:24 EDT
Pegasystems Inc.
GB
@RameshP8036 ⚠ This is a GenAI-powered tool. All generated answers require validation against the provided references.
To perform vulnerability testing in a Pega 8.8.2 on-premise environment, you can follow the guidelines for vulnerability testing provided by Pegasystems.
Mitigating common security vulnerabilities
Although the references are for Pega Cloud, the general principles and best practices for vulnerability testing can still be applied to an on-premise environment.
First, ensure that you adhere to the vulnerability testing policy for applications on Pega Cloud. This includes validating that the tools or services used for vulnerability testing are compliant with the policy and securing the deployed applications according to the security checklist.
Next, review the vulnerability testing process for applications on Pega Cloud. Even though it is specific to Pega Cloud, the process outlines the steps for conducting security assessments and vulnerability scanning, which can be adapted for an on-premise environment.
It's important to note that the specific steps mentioned in the Pega Cloud documentation may not directly apply to an on-premise environment. For example, certain settings or configurations mentioned in the documentation may be specific to Pega Cloud and may not be applicable to an on-premise setup.
By following the general principles and best practices outlined in the Pega Cloud documentation, you can establish a framework for conducting vulnerability testing in your Pega 8.8.2 on-premise environment.
For more information, you can refer to the Pega Cloud documentation on vulnerability testing policy and process:
- [Vulnerability Testing Policy for Applications on Pega Cloud](https://docs.pega.com/bundle/pega-cloud/page/pega-cloud/pc/pcs-test-policy-applications.html)
Updated: 3 Oct 2024 10:22 EDT
CNSI
US
@MarijeSchillern Do we need to export the jar files and use the jar files for Veracode scanning?
Updated: 17 Dec 2024 17:05 EST
CNSI
US
@MarijeSchillern We need to do a code scan of my Pega application using Veracode scan. How do we provide the Pega source code to Veracode scan?
Pegasystems Inc.
GB
For the specific query on Veracode scanning, you can refer to the Veracode documentation: Upload a packaged application | Veracode Docs
If you have any specific concerns about your environment, please log a support incident via the MSP so that our GCS team can help investigate.