What's your biggest ServiceNow security blind spot?

rachidh74
Giga Contributor

Working on a project to map out the most common security gaps
in ServiceNow instances. From what I've seen across audits:

• ACLs that silently fail open
• REST API endpoints exposed without proper auth
• System properties left in debug/insecure defaults
• Service Portal widgets leaking data client-side
• MID Servers with overprivileged credentials

I've compiled findings into a structured knowledge base covering
14 security domains with detection scripts and compliance mapping
(NIS2, DORA, ISO 27001).

Now I'm looking for ServiceNow admins and architects to beta test
it — an AI interface that answers SN security questions with cited,
verifiable responses.

Two questions for the community:
1. What security gaps do you see most often in SN instances?
2. Anyone interested in testing the tool and giving feedback?

Happy to share access — just want honest input on what's accurate,
what's missing, and what would actually be useful in your day-to-day.
