Package: Invicti AppSec Core (on-demand)
Targets overview
Targets represent individual web applications or API endpoints registered for security scanning. Each target is defined by a URL and serves as the central object for organizing DAST scans, vulnerabilities, and risk data associated with that specific application.
Targets vs. projects
Targets and projects are both used to organize security work in Invicti AppSec, but they serve different purposes:
| Targets | Projects | |
|---|---|---|
| Defined by | URL (web app or API endpoint) | Source code repository or application component |
| Primary scanner type | DAST, API | SAST, SCA, IaC, Secrets, DAST |
| Branch tracking | No | Yes |
| URL required | Yes (locked after creation) | No |
Use targets when you want to track the security posture of a live web application or API endpoint. Use projects when you want to track security across your source code and CI/CD pipeline.
Targets list
Select Targets from the left-side menu to view your targets. You can switch between gallery view (cards) and table view using the view options in the upper right.
Target card information
Each target card displays the following information:
- Target name: the name assigned to the target
- URL: the registered URL of the target
- Team: the team responsible for the target
- Business criticality: the assigned business criticality level, or "None" if not set
- Risk score: the calculated risk score as a percentage based on discovered vulnerabilities
- Last scan: the date and time of the most recent scan
- Products: products associated with this target
- Programming languages: detected language breakdown, if available
- Vulnerability counts: number of open vulnerabilities by severity — Critical, High, Medium, Low
Filtering and sorting
Use the filters and sort options at the top of the targets list to narrow down your view. For more information, see Filter and sort.
Sorting options
Sort targets in ascending or descending order by:
- Default: creation date order
- Status: sort by target status
- Team: sort by owning team
- Score: sort by calculated risk score
Filtering options
Filter targets by one or more of the following:
- Business criticality: filter by assigned criticality level
- Label: filter by custom labels
- Team: filter by team assignment
- Last scan date: filter by when the target was last scanned
- Target: filter by target name
Risk scores help you prioritize which targets need immediate attention based on their current vulnerability exposure.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center