Overview: Targets Page

Last updated: June 8, 2026

Hello! We are here to help you manage your digital assets efficiently. The Targets page serves as your central command center for every web application, API, or cloud infrastructure you want to secure. This page allows you to track an asset's journey from initial purchase through ownership verification and final configuration, ensuring your security environment is organized and ready for scanning.

Summary

A Target refers to the specific asset (like a domain or API endpoint) that you want to subject to penetration testing or vulnerability assessments. The Targets page provides a comprehensive, high-level view of these assets, categorized by their current status in the onboarding lifecycle.

Who Should Read This

  • Security Leads: To maintain a complete inventory of all organizational assets currently being monitored or tested.

  • DevOps & Engineers: To ensure new staging or production environments are correctly verified and configured for scanner access.

  • Administrators: To manage asset quotas, purchase additional target slots, or deactivate retired assets.

Key Functions

  • Pending Verification Section: This area lists newly purchased targets that require proof of ownership. You can verify your asset using DNS records, file uploads, or a manual review by our team.

  • Pending Setup Section: Once verified, targets move here. This section lists assets that are verified but require final configuration—such as defining scan speed or authentication—before assessments can begin.

  • Active Targets Section: This is your main list of fully configured assets that are currently active and available for scanning or manual pentesting.

  • External App ID: This field allows you to map Astra targets to your internal tracking identifiers (like asset tags or project IDs), making it easier to correlate findings across your internal tools.

Available Actions

  • Add More Targets: Use the "Add More Targets" widget to purchase additional slots for new asset types like Web Apps, APIs, or Cloud Infrastructure.

  • Start Verification: Click this button next to a pending target to begin the ownership proof process.

  • Setup Target: Initiates the configuration wizard where you define the application's base URL, environment details, and login credentials.

  • Manage Target Settings: From here, you can update Business Names, adjust Scan Speed, or manage Member access for a specific asset.

Best Practices

  • Segment Complex Apps: For large platforms, divide them into smaller, logical targets (e.g., store.example.com and admin.example.com) to ensure focused and efficient testing.

  • Environment Consistency: When testing staging areas, ensure they are as identical to production as possible to reduce false positives and ensure relevant results.

  • Accurate Naming: Use clear Target and Business names, as this information is critical and will appear on your official Pentest Certificates and reports.

Troubleshooting & Common Issues

  • Verification Failures: If a file upload verification fails, double-check that the server is reachable and that you haven't uploaded a file from a different project.

  • Unnecessary Purchase Prompts: If you are asked to buy a new target when you believe you have one available, check your Pending Setup list for unconfigured assets before using the "Add Target" flow.

  • Deactivating a Target: To stop monitoring an asset, you must navigate to Settings > Subscriptions to cancel or pause the associated plan, which will move it out of the Active Targets list.