ersureshbe
Giga Sage

Use case:

Are there any possibilities to conduct penetration testing in ServiceNow? How should I enable penetration testing? What steps must I follow to complete the penetration testing process?

 

Solution:

Yes, ServiceNow allows for penetration testing. However, the following steps must be undertaken to complete the testing lifecycle.

 

Limit: Customers are allowed to conduct one penetration test per calendar year on their own Now Platform instances.

 

Step 1: Initiate the penetration testing process by submitting a Hi-Portal ticket. Please refer to the screenshot below and navigate to the Automation Store > Security and Access to create a request with the necessary details.

 

ersureshbe_1-1748865410438.png

 

 

 

ersureshbe_0-1748865384443.png

 

Step 2: Following the approval in Step 1, a testing window will be scheduled, during which the testing will be executed and findings will be documented. If any issues are identified, ensure that the steps are recorded clearly.

 

Step 3: Attach the findings to the request made in Step 1, including any defects mentioned in the same request. Submit the details within the Step 1 request and await an update from ServiceNow.

 

Step 4: ServiceNow is available to assist in resolving your issues. Should any input be required from your side, ServiceNow will reach out to you for clarification and support.

 

The testing window lasts up to 25 days.
Findings and defects may be submitted up to 30 days after the testing window.

 

The following ServiceNow article is designed to help you complete your penetration testing. I trust it will prove to be beneficial.

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1119943

 

 

Regards,

Suresh