Manage Targets

Targets

The Targets page in ZeroThreat is your central hub for managing all aspects of scanning targets. From adding new targets to configuring and verifying them, this section provides all the tools you need to manage your web application security.

Add a Target

Click on the Add Target button to add a new target. This will open a add new target popup.

Refer the Add a Target guide for detailed guide on how to add a new target.

Target List and Sorting

When you access the Targets section, you'll see a comprehensive list of all your targets. To help you navigate and organize these targets effectively, you have several options:

  • Group By: Use the Group By button to sort targets based on:
    • Hostname: Group targets according to their respective hostnames.
    • Organizations: Sort targets based on the organizations they belong to.
  • Default View: If no sorting option is applied, targets will be displayed based on the most recent activity.

Target Configuration

Thumbnail

You can click on the icon to open target configuration settings for the target.

Refer the Target Configuration guide to know about each configuration in detail.

Target Verification

To scan a target, target ownership verification is required first. To verify a target you can click on button.

Target verification ensures you're authorized to scan the target, preventing unauthorized scans.

Refer the Target Verification guide to learn how to verify your domain with ZeroThreat before scanning.

Quick Access and Actions

Thumbnail
  • Open URL in a New Tab: Click the icon to open the scanned applications URL in a new tab. This allows for easy access to the website without leaving the Scans section.
  • Quick Scan: Use the Quick Scan icon to start a new scan using existing configurations. You can choose a previously saved login sequence or create a new one directly from this section.
Thumbnail

Refer How to perform an Authenticated Scan with Login Sequence? guide for more information.

Host-Based Targets

Most applications can be scanned by creating a single target for the main application URL. For example, if your application is available at https://example.com and the scanner can reach all important areas from that starting point, one target is usually enough.

In some cases, the same hostname may contain separate application areas that are not connected through normal navigation. For example, https://example.com may redirect users to https://example.com/client, while https://example.com/admin may be a completely separate admin application that is not linked from the client area. In this case, a scan starting from the main target may not discover or test the admin path properly because the two areas are isolated from each other.

For this type of setup, you should create separate targets for the independent paths. For example, you can create one target for https://example.com/client and another target for https://example.com/admin. This allows each section of the application to have its own scan configuration, login sequence, scan profile, and scan history while still keeping the testing scope accurate.

If your application areas are hosted on different subdomains or domains, they should also be created as separate targets. For example, https://app.example.com, https://admin.example.com, and https://api.example.com are different hostnames and should be managed as separate targets when they need to be scanned independently.

Subscription usage is based on the hostname. This means that when you create multiple targets under the same hostname, such as https://example.com/client and https://example.com/admin, they use the same hostname subscription. This gives you flexibility to scan isolated areas of the same host separately without consuming an additional hostname subscription for each path-based target.
However, targets created on different hostnames, such as different subdomains or separate domains, are treated separately for subscription purposes.

What's Next?

Now that your targets are set up, it's time to run your first scan! Head over to the Quick Scan Guide to begin your journey toward better application security.