Pen Testing

Aman22
Mega Contributor

Hi,

We are trying to find out more on Penetration testing on our ServiceNow Instance and have the following questions:

- Do we have to use third party tools to do Penetration testing? If so, are there any recommendations from anyone who has used those?

 

 

Thanks

Aman

2 REPLIES

peter_z
ServiceNow Employee

Hi Aman, You've not given a lot of context here for what you are seeking - external vendor selection / tools to use is largely a decision that fits your overall pen test use case I think.

First off, please review https://hi.service-now.com/kb_view.do?sysparm_article=KB0718043 as it's got a good amount of info and links there in re all things Security relating to your ServiceNow instance.

Customers can arrange a pen test annually at no additional charge, but it does need to be arranged in advance and coordinated with ServiceNow. On the tools front, as I mentioned above, it's horses for courses, but do not plan to use any DOS/DDOS type tools as these are excluded from available test options.

FYI, if you are a Security Contact for a customer you can also enrol in the CORE community and through that gain access to the ServiceNow current annual ISO certs and results from the independent pen tests that ServiceNow has done. You will find links to and more info on this in the above article.

 

You may also find these links of interest:

https://community.servicenow.com/community?id=community_blog&sys_id=59da58dddba193c04e1df4621f96197b

and

https://hi.service-now.com/kb_view.do?sysparm_article=KB0538598

Aman22
Mega Contributor

Thanks @peter_z 

I am fairly new to the concept of Pen testing. I checked and SN HI portal allows us to schedule a Pen test but then it does prompt for Source IP, Scanner and Test Details.

As part of one of the ticket updates, ServiceNow recommended us to schedule a Pen test so trying to find out what should be the next steps. Do we need to identify a tool that does PEN test?

 

Thanks

Aman