
March 4 · 1 min read
Add Explicit Order to Client Script
Client scripts in ServiceNow are often set up to change how forms behave on the client side, like hiding fields or making fields...

March 4 · 1 min read
Restrict GlideRecord in Client Callable Script
Using GlideRecord in client-callable script includes can expose sensitive data to unauthorized users. Since client-callable scripts run...
March 4 · 1 min read
Activate Email Filters Plugin
The Email Filters plugin helps assess incoming emails for potential spam by adding headers that can be used for filtering. Without this...
March 4 · 1 min read
Limit XML Entity Expansion to 3000
XML parsers can be exploited using the "Billion Laughs" attack, a type of XML entity expansion attack that consumes excessive system...
March 4 · 1 min read
Limit Diagnostic Page Access via ACL
Without proper access control, diagnostic pages like /stats.do, /threads.do, and /replication.do can be accessed by unauthorized users....
March 4 · 1 min read
Activate Privacy Settings on Client-Callable Scripts
Client-callable script includes are public by default, which can expose sensitive functionality. If not properly secured, unauthorized...

March 4 · 1 min read
Remove Hard-Coded Instance URL
Hard-coded instance URLs create migration challenges when moving configurations between environments, leading to broken links and...

March 4 · 1 min read
Avoid Using eval() in Script
Using eval() in scripts can execute untrusted or malicious code, posing significant security risks. It can lead to code injection...
March 4 · 1 min read
Reduce Execution Time of Report
Reports with long execution times can degrade system performance and impact the user experience. Inefficient query conditions cause...

March 4 · 1 min read
Avoid Synchronous AJAX in Client Code
Synchronous AJAX calls in client-side code are a common cause of performance bottlenecks in web applications, including those built on...

March 4 · 1 min read
Prevent Cross-Table Updates in Before Business Rule
Before Business Rules in ServiceNow are designed to execute just before a database operation occurs. Using these rules to perform...
March 4 · 1 min read
Enforce Role-Based MFA Setting
Role-based multi-factor authentication (MFA) enhances security protocols by requiring additional verification for users based on their...
March 4 · 1 min read
Configure URL Allowlist for Logout Redirects
Securing user sessions even during logout is critical. Without a properly configured URL allowlist for logout redirects, users may...
March 4 · 1 min read
Add Indicators to Collection Job
In ServiceNow, data collection jobs play a crucial role in gathering information for analysis and decision-making. However, without...
March 4 · 1 min read
Ensure Unique Name for Update Set
In ServiceNow, managing update sets efficiently is crucial for maintaining system integrity during deployments. Using unique names for...
March 4 · 1 min read
SNC Access Control Plugin
The SNC Access Control Plugin is a critical component in ServiceNow that enhances security by restricting access to the instance...
March 4 · 1 min read
Enable XXE Protection in XML Processing
XML External Entity (XXE) attacks pose a significant security risk in applications that process XML data. Without adequate protection,...

March 4 · 1 min read
Remove console.log() from Client Script
Using console.log() in client scripts is a common debugging practice but is not recommended for production environments. It can expose...

March 4 · 1 min read
Remove DOM Manipulation from Client Script
Direct DOM manipulation in ServiceNow client scripts can lead to maintainability issues, especially after instance...

March 4 · 1 min read
Replace GlideRecord.getRowCount() in Server Script
Using GlideRecord.getRowCount() to count records in ServiceNow retrieves all matching rows, which can lead to performance and...