Question
2
Replies
259
Views
Capgemini UK plc
Posted: August 5, 2019
Last activity: August 12, 2019
Closed
Pega WebMashup Security concerns
Hi All,
Recently, whilst working with on the banking giants in UK, we were turned down to use the Pega Web Mashup because it uses IFrame and the use of Iframe opens up the security vulnerabilities such as cross-site threats.
Can someone suggest what to do in that scenario?
Posted: 1 year ago
Application restricted with CSRF
Add below DSS to get exception for mashup consumer portal
Pega-Engine
security/csrf/validreferers
Value : add mash up consumer URL
Hi
Pega does provide methods to over come cross site scripting. Go through the below link for details:
https://community.pega.com/knowledgebase/articles/best-practices-avoid-cross-site-scripting-xss-vulnerabilities
Hope it helps.
Regards
Bhavya