Skip to main content
availability

Package: Invicti AppSec Core (on-demand)

Add a new target

Adding a new target to Invicti AppSec registers a web application or API endpoint for security scanning. A target represents the URL you want to scan and is the central object around which scans, vulnerabilities, and risk tracking are organized.

Prerequisites

Before adding a new target, ensure you have:

  • The correct access rights to Invicti AppSec (add permission for projects/targets)
  • An Invicti AppSec Core or Enterprise license
  • The full URL of the application or API you want to scan
  • Authorization to scan the target (see Authorized target scanning policy)
  • An existing team to assign as the target owner

Steps to add a target

To create a new target:

  1. Select Targets from the left-side menu.
  2. Click Add new target in the upper right corner of the targets list.
  3. Complete the target creation form with the required information:
  • Name (required): enter a unique, descriptive name for the target (minimum 3 characters, no spaces)
  • URL (required): select the protocol (https or http) and enter the target domain or host (for example, https://example.com). The URL and protocol cannot be changed after creation
  • Team (required): select the team responsible for this target's security
  • Business criticality (optional): set the target's business impact level or choose Calculate automatically to let AppSec determine it based on risk data:
    • Critical: mission-critical applications requiring immediate attention for security issues
    • High: important applications with significant business impact
    • Medium: standard applications with moderate business impact
    • Low: less critical applications with minimal business impact
  • Labels (optional): add custom labels to help categorize and filter the target; you can create new labels inline
  1. Click Create target to finalize.
  2. The system opens the target dashboard, which is initially empty. You can now configure settings or launch your first scan.
tip

Use https whenever possible. The protocol is locked after creation, so choose the correct one before saving.

Target validation

Once you create your target, verify the configuration:

  1. Check that the target appears in your targets list
  2. Confirm the team assignment is correct
  3. Review business criticality settings
  4. Run an initial scan to validate connectivity and scanner configuration
caution

Only scan targets you are explicitly authorized to test. Unauthorized scanning may violate applicable laws and terms of service. For safe practice environments, use the Invicti test websites.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?