Instance security - Insecure Communication - FAQsSummaryQ: Is ServiceNow aware of the attached issue - OWASP M3 Insecure Communication?A: "OWASP M3 Insecure Communication" is part of OWASP Mobile top 10 2016, which is quite outdated. Instead, we suggest to look at the Mobile Application Security Verification Standard for reference: https://owasp.org/www-pdf-archive/OWASP_Mobile_AppSec_Verification_Standard_v0.9.2.pdf Q: Can ServiceNow address with Insecure Communication remediation plan to assist customers in risk assessment?A: ServiceNow adhere to OWASP MASVS standards. And we have independent 3rd party reviewers reviewing our product applications. These penetration test results can be viewed via ServiceNow CORE (Compliance Operations Readiness Evidence), which is an extensive set of documentation hosted in ServiceNow Community to map out how customer instances relate to compliance and regulatory requirements for cloud services. This self-service documentation includes policies, procedures, release notes, industry certifications and attestations.To gain access to ServiceNow CORE, follow the steps detailed in KB0564067 "ServiceNow CORE Solutions Brief".Once access has been provisioned, ServiceNow CORE can be navigated through the Directory of Topics and Documents:CORE Solutions Brief: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0564067ServiceNow CORE: Directory of Topics and Documents: https://community.servicenow.com/community?id=community_question&sys_id=aacdab6fdb50d3cc4837f3231f9619ff