
Building Apps on ServiceNow: The App Publishers Checklist

ServiceNow makes building custom applications incredibly easy. Unfortunately, it’s just as easy to miss some vital steps early on which could make your application bloated, less secure, harder to use, and harder to maintain. Whether you are publishing to the Store or promoting to prod, learn the simple steps you can take to ensure your app is ready for release and built to last.


  1. © 2018 ServiceNow All Rights Reserved. Building Apps on ServiceNow: The App Publishers Checklist. Travis Toulson, Sr. Architect, GlideFast Consulting
  2. Problem: Mistakes made early in app development are the most difficult to overcome
  3. Challenges After V1: 1. Changes Break Things 2. Testing is Hard 3. Deleting App Records is risky 4. The Spaghetti Monster
  4. #1 Build it Sexy
  5. User Interface is the one language spoken by both the business and the developer
  6. Too Many Interfaces are full of
  7. Forms, Service Portal, UI Pages, Processors
  8. #2 Build it Stable
  9. Use Software Architectures that Scale
  10. Program to Interfaces with Script Includes [Diagram: Input, Black Box Of Code, Output] recommender1.getNextWorkItem() recommender2.getNextWorkItem()
  11. Leverage System Properties

          // Use system properties instead of hardcoding
          var deferMin = gs.getProperty('x_gfnull_iq.defer_minutes');

          // Execute scripts stored in system properties (Ultimate Interface!)
          // Anyone who can write this property can run server-side code,
          // so restrict write access to it.
          var gr = new GlideRecord('sys_properties');
          gr.get('386cf93edb278700775dab92ca961956');
          var answer = new GlideScopedEvaluator().evaluateScript(gr, 'value');
  12. #3 Build it Secure
  13. Don’t Forget The ACLs: 1. Scripted REST Services 2. UI Pages 3. Portals / Widgets 4. Tables (Especially DELETE)
  14. DO NOT implement security with Client Scripts or UI Policies
  15. Beware of XSS: 1. Hijack User’s Session 2. Redirect User to Malicious Site 3. Modify Presentation of Content
  16. Beware of XSS – Stored XSS

          // User saves a script in a database field
          var gr = new GlideRecord('incident');
          gr.initialize();
          gr.short_description = "<script>alert('Uh oh');</script>";
          gr.insert();

          // Script gets injected on the Client
          document.write(gr.short_description);

          // Or the Server (Jelly expression in the page template)
          ${gr.short_description}
  17. Beware of XSS – Reflected XSS

          // User navigates to URL with Script in a parameter
          abc.service-now.com/my_page.do?search=<script>alert("Uh Oh");</script>

          // Parameter gets injected directly back into the HTML of the Page
          <p>You searched for: ${RP.getParameterValue('search')}</p>
  18. Protect Your IP: 1. Keep IP in Server Side Code 2. Set Protection Policies to “Protected” 3. Client Scripts can not be protected
  19. #1 Build It Sexy, #2 Build It Stable, #3 Build It Secure
  21. Thank You. Travis Toulson, Sr. Architect, GlideFast Consulting, travis.toulson@glidefast.com, #Know18
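
The stored and reflected XSS patterns from slides 16 and 17, next to an output-encoded version, as an added example that is not part of the original deck. It is plain JavaScript for Node.js rather than ServiceNow platform code; the function names and sample inputs are constructed for illustration, and the record object stands in for a GlideRecord row.

```javascript
// Added example: plain JavaScript (Node.js), not ServiceNow platform code.
// All function names and sample values below are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can start markup or close a quoted attribute.
function escapeHtml(value) {
  const text = value == null ? '' : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the "search" parameter from a query string such as "search=abc".
function getSearchParam(query) {
  return new URLSearchParams(query).get('search') || '';
}

// Vulnerable (slide 17 pattern): the parameter is written back as markup.
function renderSearchUnsafe(query) {
  return '<p>You searched for: ' + getSearchParam(query) + '</p>';
}

// Hardened: same page, but the value is encoded when it is written out.
function renderSearchSafe(query) {
  return '<p>You searched for: ' + escapeHtml(getSearchParam(query)) + '</p>';
}

// Stored case (slide 16 pattern): encode at render time, in both the
// attribute and the element body, so rows saved earlier are covered too.
function renderRecordSafe(record) {
  const text = escapeHtml(record.short_description);
  return '<td title="' + text + '">' + text + '</td>';
}

// Review aid: does the rendered HTML contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed inputs reusing the payloads shown on the slides.
const SAMPLE_QUERY = 'search=' + encodeURIComponent('<script>alert("Uh Oh");</script>');
const SAMPLE_RECORD = { short_description: "<script>alert('Uh oh');</script>" };

console.log(renderSearchUnsafe(SAMPLE_QUERY)); // script element survives
console.log(renderSearchSafe(SAMPLE_QUERY));   // script shown as inert text
console.log(renderRecordSafe(SAMPLE_RECORD));
```

Encoding at output time also lines up with slide 14: the check runs where the HTML is produced, not in a client script the user can bypass.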
