ServiceNow: How to harden your instance

I had to prepare an instance for some penetration testing. Turns out this is pretty easy.

To start with, you need to know what ServiceNow requires of you. Here's that KB.

At the time of writing, you need these prerequisites:

That hardening guide on the HI site Docs is thorough. We needed HI to "Check Whitelist Package Calls" and "Check Whitelist Member Calls". This will be an issue if you've been granted access to use something like the ZipFile Java class to zip some files from the server.

There's a great share (my copy) that gets you most of the way there. I'd suggest starting there. You may need to configure some properties, like which file extensions you'll allow, but it's easier to do this than to manually create each property. It also checks for default accounts and passwords.