Penetration testing on a single Application.

Go to solution
daiva
Tera Guru

‎05-29-2024 10:09 PM - edited ‎05-29-2024 11:42 PM

Hello Everyone,

I'm New to Penetration Testing in ServiceNow.
I've gone through several Blogs, documents and Knowledge article but i like to know, how it works in practical.
I have a Single Application "ABC Insur" it doesn't have any CI items it is a Standalone Application(Software).
Can i use Penetration Test on it?
Like CI Item consists of several Items instead i use only one Item ABC Insur and Test on it?
Any information appreciated.

Thanks,
Daiva

0 Helpfuls
  • 3,822 Views
3 ACCEPTED SOLUTIONS

Go to solution
Abhinav37
ServiceNow Employee
ServiceNow Employee

‎05-30-2024 06:59 PM

Hi, 

Yes the OOB Penetration Test Assessment Request lets you create penetration testing assessment requests on a single application as long as the application has a record on the "sn_vul_app_release" table. So any end user (typically app owners) can raise these requests using the OOB record producer on Service Portal -Service Catalog to be assessed by the Pen testing team (Ethical Hacker assignment group).. 

 

The Penetration Testing Assessment Request Record Producer that shows the Application reference field that references the sn_vul_app_release table.

Abhinav37_0-1717120501311.png

 

Below is the typical workflow (As of Vancouver release) in application vulnerability response for penetration testing assessment requests. Typically the App owner and Pen testing teams are involved in the process and any issues found during the pent ests are recorded as manual Application Vulnerable Items (AVITs).

 

Abhinav37_1-1717120607739.png

If this post is helpful please mark it as helpful and accept as solution

 

Cheers!

AB!

View solution in original post

Go to solution
Simon Hendery
Mega Patron
Mega Patron
In response to daiva

‎06-10-2024 12:23 AM

Hi @daiva - thanks for clarifying.

 

1. This workflow is available in 'Application Vulnerability Response' which requires a Professional or Enterprise Vulnerability Response lisense: https://docs.servicenow.com/bundle/washingtondc-security-management/page/product/vulnerability-app-v...

 

2. See the workflow diagram that @Abhinav37 posted earlier in this thread.

 

3. Further instructions on configuring the workflow can be found here: https://docs.servicenow.com/bundle/washingtondc-security-management/page/product/vulnerability-app-v...

 

I hope that helps.

View solution in original post

Go to solution
Simon Hendery
Mega Patron
Mega Patron
In response to daiva

‎06-10-2024 11:50 AM

Sorry @daiva, I don't know how you would do black-box testing.

View solution in original post

15 REPLIES 15

Go to solution
daiva
Tera Guru
In response to Simon Hendery

‎06-10-2024 02:03 AM

Hi @Simon Hendery 

Thanks for the Solution to my question, to do this we need to request from the  HI support for Pen Testing. Do we have any option to do the Black-Box Testing. If yes, How can we do that?

Thanks,

Daiva

0 Helpfuls

Go to solution
Simon Hendery
Mega Patron
Mega Patron
In response to daiva

‎06-10-2024 11:50 AM

Sorry @daiva, I don't know how you would do black-box testing.

Go to solution
daiva
Tera Guru
In response to Simon Hendery

‎06-11-2024 02:56 AM

Hello @Simon Hendery 

Thanks for you Time and Efforts regarding the Query. The Information you've shared is very Helpful.


Thanks,
Daiva

0 Helpfuls

Go to solution
Simon Hendery
Mega Patron
Mega Patron
In response to daiva

‎06-11-2024 01:20 PM

My pleasure @daiva. I hope your pen testing goes well! 

Go to solution
Abhinav37
ServiceNow Employee
ServiceNow Employee

‎06-10-2024 11:44 PM

@daiva 

You may want to post your query related to blackbox testing on the Platform Security  forum.

 

The below post may have some suggestions:

https://www.servicenow.com/community/secops-forum/pen-testing-on-servicenow-instance/td-p/1298712

 

Cheers,

AB!

 

0 Helpfuls