Skip to main content
This content has been updated. Click here to continue your progress on the latest version.

Rule Security Analyzer tool

The Rule Security Analyzer tool identifies potential security risks in your applications that may introduce vulnerabilities to attacks such as cross-site scripting (XSS) or SQL injection.

Such vulnerabilities can typically arise only in non-autogenerated rules such as stream rules (HTML, JSP, XML, or CSS) and custom Java or SQL statements.

The Rule Security Analyzer scans non-autogenerated rules, comparing each line with a regular expressions rule to find matches. The tool examines text, HTML, JavaScript, and Java code in function rules and individual activity Java method steps, and other types of information depending on rule type.

The Rule Security Analyzer searches for vulnerabilities in code by searching for matches to regular expressions (regex) defined in Rule Analyzer Regular Expressions rules. Several Rule Analyzer Regular Expression rules are provided as examples for finding common vulnerabilities. You may also create your Rule Analyzer Regular Expression rules to search for other patterns.

The most effective search for vulnerabilities is to rerun the Rule Analyzer several times, each time matching against a different Regular Expressions rule.

Caution: Use trained security IT staff to review the output of the Rule Security Analyzer tool. They are better able to identify false positives and remedy any rules that do contain vulnerabilities.

Running the Rule Security Analyzer before locking a ruleset is recommended as it allows you to identify and correct issues in rules before they are locked. The Rule Security Analyzer takes a couple of minutes to run through the different regular expressions.

For more information on the Rule Security Analyzer, review the following help documents: Rule Security Analyzer, Searching for security vulnerabilities in rules, and Regular Expression rules.

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice