
Building Apps on ServiceNow: The App Publishers Checklist
ServiceNow makes building custom applications incredibly easy. Unfortunately, it’s just as easy to miss some vital steps early on which could make your application bloated, less secure, harder to use, and harder to maintain. Whether you are publishing to the Store or promoting to prod, learn the simple steps you can take to ensure your app is ready for release and built to last.

Published in: Technology


  1. Building Apps on ServiceNow: The App Publishers Checklist. Travis Toulson, Sr. Architect, GlideFast Consulting. © 2018 ServiceNow All Rights Reserved
  2. Problem: Mistakes made early in app development are the most difficult to overcome.
  3. Challenges After V1: (1) Changes break things; (2) Testing is hard; (3) Deleting app records is risky; (4) The Spaghetti Monster.
  4. #1 Build it Sexy
  5. User Interface is the one language spoken by both the business and the developer.
  6. Too Many Interfaces are full of
  7. Forms, Service Portal, UI Pages, Processors
  8. #2 Build it Stable
  9. Use Software Architectures that Scale
  10. Program to Interfaces with Script Includes. Treat a Script Include as a black box of code: input in, output out. Callers use the same method whichever implementation sits behind it:
       recommender1.getNextWorkItem()
       recommender2.getNextWorkItem()
  11. Leverage System Properties
       // Use system properties instead of hardcoding
       var deferMin = gs.getProperty('x_gfnull_iq.defer_minutes');
       // Execute scripts stored in system properties (Ultimate Interface!)
       var gr = new GlideRecord('sys_properties');
       gr.get('386cf93edb278700775dab92ca961956');
       var answer = new GlideScopedEvaluator().evaluateScript(gr, 'value');
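Slides 10 and 11 together, as an added example that is not from the deck: two interchangeable recommenders exposing the same getNextWorkItem() method, with the active one selected from a system property rather than hard-coded. The `gs` object here is a constructed stand-in for the platform's gs.getProperty(), the property name x_gfnull_iq.recommender is an assumption, and the work queue is constructed sample data; on the platform the two classes would be Script Includes.

```javascript
// Constructed stand-in for gs.getProperty(name, defaultValue); not the platform object.
var gs = {
  _props: { 'x_gfnull_iq.recommender': 'priority' }, // property name is an assumption
  getProperty: function (name, dflt) {
    return Object.prototype.hasOwnProperty.call(this._props, name) ? this._props[name] : dflt;
  }
};

// Implementation 1: oldest open item first.
function FifoRecommender(queue) { this.queue = queue; }
FifoRecommender.prototype.getNextWorkItem = function () {
  var open = this.queue.filter(function (w) { return w.state === 'open'; });
  open.sort(function (a, b) { return a.opened_at - b.opened_at; });
  return open.length ? open[0] : null;
};

// Implementation 2: most urgent first (lower priority number = more urgent), then oldest.
function PriorityRecommender(queue) { this.queue = queue; }
PriorityRecommender.prototype.getNextWorkItem = function () {
  var open = this.queue.filter(function (w) { return w.state === 'open'; });
  open.sort(function (a, b) { return (a.priority - b.priority) || (a.opened_at - b.opened_at); });
  return open.length ? open[0] : null;
};

// Callers depend only on getNextWorkItem(); the implementation is chosen by property,
// so switching strategies is a configuration change, not a code change.
function createRecommender(queue) {
  var kind = gs.getProperty('x_gfnull_iq.recommender', 'fifo');
  return kind === 'priority' ? new PriorityRecommender(queue) : new FifoRecommender(queue);
}

// Constructed work queue (numbers and timestamps are sample values).
var workQueue = [
  { number: 'INC0001', state: 'open',   priority: 3, opened_at: 100 },
  { number: 'INC0002', state: 'closed', priority: 1, opened_at: 110 },
  { number: 'INC0003', state: 'open',   priority: 1, opened_at: 120 }
];
```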
  12. #3 Build it Secure
  13. Don't Forget The ACLs: (1) Scripted REST Services; (2) UI Pages; (3) Portals / Widgets; (4) Tables (especially DELETE).
  14. DO NOT implement security with Client Scripts or UI Policies.
  15. Beware of XSS. An injected script can: (1) Hijack the user's session; (2) Redirect the user to a malicious site; (3) Modify presentation of content.
  16. Beware of XSS – Stored XSS
       // User saves a script in a database field
       var gr = new GlideRecord('incident');
       gr.initialize();
       gr.description = "<script>alert('Uh oh');</script>";
       gr.insert();
       // Script gets injected on the client when the raw field value is written into the page
       document.write(gr.description);
       // Or on the server, in a Jelly template
       ${gr.description}
  17. Beware of XSS – Reflected XSS
       // User navigates to a URL with a script in a parameter
       abc.service-now.com/my_page.do?search=<script>alert("Uh Oh");</script>
       // Parameter gets injected directly back into the HTML of the page
       <p>You searched for: ${RP.getParameterValue('search')}</p>
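Output encoding for the stored case (slide 16) and the reflected case (slide 17), as an added example that is not part of the deck: untrusted values are HTML-encoded before being concatenated into markup, and a small review helper flags stored values that already contain script markup. The escapeHtml helper is a plain-JavaScript stand-in for the platform's GlideStringUtil.escapeHTML(), and the sample records and their sys_id values are constructed.

```javascript
// Encode the characters that let data break out of HTML text content or attributes.
// Stand-in for GlideStringUtil.escapeHTML(); the encoding rules are the same.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Reflected case: the "search" parameter from my_page.do?search=... rendered as text,
// so the browser shows the submitted string instead of executing it.
function renderSearchResult(searchParam) {
  return '<p>You searched for: ' + escapeHtml(searchParam) + '</p>';
}

// Stored case: a record field (e.g. incident.description) rendered by a widget or page.
function renderDescription(record) {
  return '<div class="description">' + escapeHtml(record.description) + '</div>';
}

// Review aid for existing data: flag stored values containing markup typical of
// script injection so they can be investigated and cleaned up.
var SUSPICIOUS = /<\s*script|javascript\s*:|on\w+\s*=/i;
function findSuspiciousRecords(records) {
  return records.filter(function (r) { return SUSPICIOUS.test(r.description); });
}

// Constructed sample records; the second carries the payload shown on slide 16.
var sampleRecords = [
  { sys_id: 'constructed-1', description: 'Printer on floor 3 is jammed' },
  { sys_id: 'constructed-2', description: "<script>alert('Uh oh');</script>" },
  { sys_id: 'constructed-3', description: 'User asks: is 3 < 4 & 5 > 2?' }
];
```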
  18. Protect Your IP: (1) Keep IP in server-side code; (2) Set Protection Policies to "Protected"; (3) Client Scripts cannot be protected.
  19. Build It Sexy #1. Build It Stable #2. Build It Secure #3.
  20. (no text on this slide)
  21. Thank You. #Know18. Travis Toulson, Sr. Architect, GlideFast Consulting, travis.toulson@glidefast.com
