Question · 1 reply · 465 views
Posted: June 7, 2019
Last activity: June 7, 2019
Security Code Review tools for Pega Applications
What options and tools are available to perform security code reviews on Pega applications?
(Specifically looking for tools used in implementations; I was able to find information published on application security, vulnerability scanning, guardrails, the Rule Security Analyzer, etc.)
Hi,
I don't think there is any dedicated tool which can be run on Pega applications. As you have mentioned, you are aware of the Rule Security Analyzer. This tool searches through non-autogenerated rules to find specific JavaScript or SQL coding patterns that may indicate a security vulnerability (it will not operate on rules in standard Pega rulesets).
Also, during runtime you can make use of the PegaALERTS log, which logs a few SECUXXX alerts based on the different security use cases (like invalid characters detected, CSRF attack detected and many others).
Refer to the Security alerts section for the list of alerts and individual alert details:
https://community.pega.com/knowledgebase/articles/performance-alerts-security-alerts-and-autonomic-event-services
Hope this helps!
Thank You,
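As an added example (not from the post above and not Pega's own tooling), a small Python script that tallies SECU* entries from PegaALERTS-style lines, the kind of review a team might run over the alert log the reply points to. The `*`-delimited field layout, the field order and every sample line are constructed for illustration and are not a documented Pega format.

```python
"""Tally SECU* security alerts from a PegaALERTS-style log (added example).

Assumed, simplified line layout (constructed, not a documented Pega format):
*<timestamp>*<alert ID>*<operator>*<requestor>*<message>
"""
import re
from collections import Counter, defaultdict

# Constructed sample lines; alert IDs and messages are illustrative only.
SAMPLE_ALERT_LOG = """\
*2019-06-07 09:14:02,115 GMT*SECU0001*opA*HABC123*Invalid characters detected in input
*2019-06-07 09:14:05,902 GMT*PEGA0001*opA*HABC123*Interaction time exceeded threshold
*2019-06-07 09:15:11,433 GMT*SECU0002*opB*HDEF456*CSRF token mismatch detected
*2019-06-07 09:15:12,001 GMT*SECU0001*opB*HDEF456*Invalid characters detected in input
*2019-06-07 09:15:13,775 GMT*SECU0001*opB*HDEF456*Invalid characters detected in input
malformed line that should be skipped
"""

# Alert IDs are four upper-case letters followed by four digits (e.g. SECU0001, PEGA0001).
ALERT_LINE = re.compile(
    r"^\*(?P<ts>[^*]+)\*(?P<alert_id>[A-Z]{4}\d{4})\*(?P<operator>[^*]*)"
    r"\*(?P<requestor>[^*]*)\*(?P<message>.*)$"
)

def parse_alerts(log_text):
    """Yield one dict per well-formed alert line; anything else is skipped."""
    for line in log_text.splitlines():
        m = ALERT_LINE.match(line)
        if m:
            yield m.groupdict()

def security_alert_summary(log_text):
    """Count SECU* alerts per alert ID and per operator; ignore PEGA* performance alerts."""
    by_id = Counter()
    by_operator = defaultdict(Counter)
    for alert in parse_alerts(log_text):
        if alert["alert_id"].startswith("SECU"):
            by_id[alert["alert_id"]] += 1
            by_operator[alert["operator"]][alert["alert_id"]] += 1
    return by_id, by_operator

def operators_over_threshold(log_text, alert_id, threshold):
    """Operators who triggered `alert_id` more than `threshold` times (sorted)."""
    _, by_operator = security_alert_summary(log_text)
    return sorted(op for op, counts in by_operator.items() if counts[alert_id] > threshold)

if __name__ == "__main__":
    ids, _ = security_alert_summary(SAMPLE_ALERT_LOG)
    print(dict(ids))                                                   # {'SECU0001': 3, 'SECU0002': 1}
    print(operators_over_threshold(SAMPLE_ALERT_LOG, "SECU0001", 1))  # ['opB']
```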