Target Concept
A target defines the scope of a scan, what will and won't be included in the scan plan. This is done by filling a target's site and assets.
The entry point for the web application (and authentication) is setup in the target's site.
In modern web applications, you are probably loading resources from multiple domains. A single page app, for example, will usually load the page from one domain and make AJAX requests to another. This is what assets are for: they specify what domains our scanner should follow and create requests for.
A URL is probably not the only thing you will need to setup when scanning your application. For example:
- Does the application have an authenticated area?
- Does it use basic auth?
- Does it expect a certain cookie or header?
These parameters are all configured in the target's site.
We need to ensure that only allowed web applications are scanned. Therefore, we must verify that you have control of any site you wish to include. This can be done by:
- Placing a file on a well-known location, on the site's server.
- Creating specific DNS records.
- Adding an HTML meta tag to the root of the site.