Question

Nikhil Agarwal (Nikhil_Agarwal94)
Sun Life Financial Company
Lead Software Engineer
CA
Posted: 4 Nov 2020 13:38 EST
Last activity: 4 Nov 2020 15:30 EST

Cross Site Websocket Hijacking security issue

Hi,

We got a Cross Site Websocket Hijacking issue flagged in a vulnerability scan on prpushservlet. We have disabled it using the DSS below. Is this sufficient to secure websockets, or do we need to use CSRF?

  • prconfig/operatorpresence/enabled/default
  • prconfig/server-push/enabled/default
***Edited by Moderator Marissa to update Support Case Details***
Pega Platform 8.2.6 Security Insurance Lead System Architect Support Case Exists