Package: Invicti AppSec Core (on-demand)
Targets overview
Use the targets list to stay on top of your live web applications and API endpoints. See which targets have open vulnerabilities, how their risk scores compare, and which ones need attention first. This document explains what targets are, how they differ from projects, and how to navigate and filter the targets list. For instructions on adding or editing targets, see the linked documents in the Next steps section.
Why this matters
Targets are the unit of accountability for your live applications in Invicti AppSec. Every vulnerability found, every scan run, and every risk score is tied to a target. Keeping your target list up to date ensures that security coverage reflects your actual attack surface - nothing important is missed, and nothing obsolete is still being scanned.
Targets vs. projects
Targets and projects are both used to organize security work in Invicti AppSec, but they serve different purposes:
| Targets | Projects | |
|---|---|---|
| Defined by | URL (web app or API endpoint) | Source code repository or application component |
| Primary scanner type | DAST, API | SAST, SCA, IaC, Secrets, DAST |
| Branch tracking | No | Yes |
| URL required | Yes (locked after creation) | No |
Use targets when you want to track the security posture of a live web application or API endpoint. Use projects when you want to track security across your source code and CI/CD pipeline.
Targets list
Select Targets from the left-side menu to view your targets. You can switch between gallery view (cards) and table view using the view options in the upper right. Use gallery view for a quick visual overview of risk scores and vulnerability counts. Use table view when you want to sort, compare, or review a large number of targets at once.
Target card information
Each target card displays the following information:
- Target name: the name you gave the target
- URL: the URL you registered for this target
- Team: the team responsible for the target
- Business criticality: the business criticality level you assigned, or "None" if not set
- Risk score: the risk score calculated as a percentage from discovered vulnerabilities
- Last scan: the date and time of the most recent scan
- Products: products associated with this target
- Programming languages: language breakdown detected during scanning, if available
- Vulnerability counts: number of open vulnerabilities by severity - Critical, High, Medium, Low
Filtering and sorting
Use the filters and sort options at the top of the targets list to narrow down your view. For more information, see Filter and sort.
Sorting options
Sort targets in ascending or descending order by:
- Default: creation date order
- Status: sort by target status
- Team: sort by owning team
- Score: sort by calculated risk score
Filtering options
Filter targets by one or more of the following:
- Business criticality: filter by assigned criticality level
- Label: filter by custom labels
- Team: filter by team assignment
- Last scan date: filter by when the target was last scanned
- Target: filter by target name
If a target has a high risk score, select it to open the target dashboard and see a breakdown of vulnerabilities by severity, scan history, and remediation status.
Next steps
- Add a web application target - register a new URL for scanning
- Edit or delete a target - update target settings, business criticality, or team assignment, or permanently remove a target that's no longer in scope
- View the target dashboard - review scan results, vulnerabilities, and risk score for a specific target
Troubleshooting
Target list is empty
No targets have been added yet. Select Targets from the left-side menu and follow the instructions in Add a web application target to register your first target.
Risk score shows 0% or no data
Risk scores are calculated from scan results. If no scans have completed for a target, the risk score shows 0% or no data. Run a scan on the target to populate the score.
Can't find a specific target
Use the Target filter at the top of the targets list to search by target name. If the target was recently added, try refreshing the page. If it still doesn't appear, verify that your team assignment grants you access to that target.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center