Pen Testing on ServiceNow Instance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2020 11:54 AM
Hi,
We are trying to find out more on Penetration testing on our ServiceNow Instance and have the following questions
- Do we have to use third party tools to do Penetration testing? if so are there are recommendations from anyone who has used those?
- What are the Pros and Cons of doing that?
Thanks
Aman
- Labels:
-
Configuration Compliance

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2020 12:56 PM
Hey there,
You might want to post this in the 'Platform and Cloud Security' forum for better insight from others that have gone through this type of simulated testing / assessment exercise:
- https://community.servicenow.com/community?id=community_topic&sys_id=54495e2ddbd897c068c1fb651f9619ce
As with all Penetration Tests, you'd ideally have a defined scope - whether you take it on yourself or with a third-party or with whatever tools you have in your toolbox - e.g. will you be performing whitebox testing vs blackbox testing, etc...
Either way you go - would create a HI Support Ticket to kick that off and follow the defined process ServiceNow has for handling these requests.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2020 01:00 PM
Hi Aman,
It'll depend on whether you're leveraging a third party or not. When ever I've done a deployment where a client has wanted to complete a pentest, they've used a pentesting company with their own methods.
You can only pentest a sub-production clone of your instance and ServiceNow must be informed via the HI Support request form "Schedule a Penetration Test".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2020 01:30 PM
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2020 11:19 PM