Mar 4 · 1 min read
Add Explicit Order to Client Script
Client scripts in ServiceNow are often set up to change how forms behave on the client side, like hiding fields or making fields...

Mar 4 · 1 min read
Restrict GlideRecord in Client Callable Script
Using GlideRecord in client-callable script includes can expose sensitive data to unauthorized users. Since client-callable scripts run...

Mar 4 · 1 min read
Activate Email Filters Plugin
The Email Filters plugin helps assess incoming emails for potential spam by adding headers that can be used for filtering. Without this...

Mar 4 · 1 min read
Limit XML Entity Expansion to 3000
XML parsers can be exploited using the "Billion Laughs" attack, a type of XML entity expansion attack that consumes excessive system...

Mar 4 · 1 min read
Limit Diagnostic Page Access via ACL
Without proper access control, diagnostic pages like /stats.do, /threads.do, and /replication.do can be accessed by unauthorized users....

Mar 4 · 1 min read
Activate Privacy Settings on Client-Callable Scripts
Client-callable script includes are public by default, which can expose sensitive functionality. If not properly secured, unauthorized...

Mar 4 · 1 min read
Remove Hard-Coded Instance URL
Hard-coded instance URLs create migration challenges when moving configurations between environments, leading to broken links and...

Mar 4 · 1 min read
Avoid Using eval() in Script
Using eval() in scripts can execute untrusted or malicious code, posing significant security risks. It can lead to code injection...

Mar 4 · 1 min read
Reduce Execution Time of Report
Reports with long execution times can degrade system performance and impact the user experience. Inefficient query conditions cause...

Mar 4 · 1 min read
Avoid Synchronous AJAX in Client Code
Synchronous AJAX calls in client-side code are a common cause of performance bottlenecks in web applications, including those built on...

Mar 4 · 1 min read
Prevent Cross-Table Updates in Before Business Rule
Before Business Rules in ServiceNow are designed to execute just before a database operation occurs. Using these rules to perform...

Mar 4 · 1 min read
Enforce Role-Based MFA Setting
Role-based multi-factor authentication (MFA) enhances security protocols by requiring additional verification for users based on their...

Mar 4 · 1 min read
Configure URL Allowlist for Logout Redirects
Securing user sessions even during logout is critical. Without a properly configured URL allowlist for logout redirects, users may...

Mar 4 · 1 min read
Add Indicators to Collection Job
In ServiceNow, data collection jobs play a crucial role in gathering information for analysis and decision-making. However, without...

Mar 4 · 1 min read
Ensure Unique Name for Update Set
In ServiceNow, managing update sets efficiently is crucial for maintaining system integrity during deployments. Using unique names for...

Mar 4 · 1 min read
SNC Access Control Plugin
The SNC Access Control Plugin is a critical component in ServiceNow that enhances security by restricting access to the instance...

Mar 4 · 1 min read
Enable XXE Protection in XML Processing
XML External Entity (XXE) attacks pose a significant security risk in applications that process XML data. Without adequate protection,...

Mar 4 · 1 min read
Remove console.log() from Client Script
Using console.log() in client scripts is a common debugging practice but is not recommended for production environments. It can expose...

Mar 4 · 1 min read
Remove DOM Manipulation from Client Script
Direct DOM manipulation in ServiceNow client scripts can lead to maintainability issues, especially after instance...

Mar 4 · 1 min read
Replace GlideRecord.getRowCount() in Server Script
Using GlideRecord.getRowCount() to count records in ServiceNow retrieves all matching rows, which can lead to performance and...