Click on the Add Target
button to add a new target. This will open a add new target popup.
Refer the Add a Target guide for detailed guide on how to add a new target.
When you access the Targets section, you'll see a comprehensive list of all your targets. To help you navigate and organize these targets effectively, you have several options:
button to sort targets based on:.png)
.png)
You can click on the
icon to open target configuration settings for the target.
Refer the Target Configuration guide to know about each configuration in detail.
To scan a target, target ownership verification is required first. To verify a target you can click on
button.
Refer the Target Verification guide to learn how to verify your domain with ZeroThreat before scanning.
.png)
icon to open the scanned applications URL in a new tab. This allows for easy access to the website without leaving the Scans section.
icon to start a new scan using existing configurations. You can choose a previously saved login sequence or create a new one directly from this section..png)
Refer How to perform an Authenticated Scan with Login Sequence? guide for more information.
Most applications can be scanned by creating a single target for the main application URL. For example, if your application is available at https://example.com and the scanner can reach all important areas from that starting point, one target is usually enough.
In some cases, the same hostname may contain separate application areas that are not connected through normal navigation. For example, https://example.com may redirect users to https://example.com/client, while https://example.com/admin may be a completely separate admin application that is not linked from the client area. In this case, a scan starting from the main target may not discover or test the admin path properly because the two areas are isolated from each other.
For this type of setup, you should create separate targets for the independent paths. For example, you can create one target for https://example.com/client and another target for https://example.com/admin. This allows each section of the application to have its own scan configuration, login sequence, scan profile, and scan history while still keeping the testing scope accurate.
If your application areas are hosted on different subdomains or domains, they should also be created as separate targets. For example, https://app.example.com, https://admin.example.com, and https://api.example.com are different hostnames and should be managed as separate targets when they need to be scanned independently.
https://example.com/client and https://example.com/admin, they use the same hostname subscription. This gives you flexibility to scan isolated areas of the same host separately without consuming an additional hostname subscription for each path-based target.Now that your targets are set up, it's time to run your first scan! Head over to the Quick Scan Guide to begin your journey toward better application security.