Security Code Review tools for Pega Applications
What options and tools are available to perform security code reviews on Pega applications?
(Specifically looking for tools used in implementations, I was able to find information published on application security, vulnerabilities scanning, guardrails, Rule Security Analyzer etc.. )
***Edited by Moderator Marissa to update platform capability tags****
Posted: 1 year ago
Hi,
I don't think there is any dedicated tool which can be run on Pega applications. As you have mentioned that you are aware of Rule Security Analyzer.This tool searches through non-autogenerated rules to find specific JavaScript or SQL coding patterns that may indicate a security vulnerability. (will not operate on rules in standard Pega- Rulesets).
Also during runtime, you can make use of PegaALERTS log which would log few SECUXXX alerts based on the different security use-cases. (like invalid chars detected, CSRF attack detected and many others)
Refer to Security alerts section for the list of alerts and individual alert details
https://community.pega.com/knowledgebase/articles/performance-alerts-security-alerts-and-autonomic-event-services
Hope this helps!
Thank You,