How-To: Completing Target Setup

Last updated: June 3, 2026

Introduction

Once you have successfully verified ownership of your application or domain, you must complete the target setup before initiating any security scans. This process defines essential preferences and parameters that guide how the Astra scanner interacts with your target.

Prerequisites

  • Ownership Verification: You must have already completed the verification process (via DNS, File Upload, or Manual Verification).

  • Target Status: The target must be visible in the Pending Setup section of your Targets Page.

Step-by-Step Instructions

  1. Initiate the Flow: Navigate to the Targets page from the left sidebar and locate the Pending Setup section.

  2. Open the Wizard: Click the Setup Target button next to your verified asset to open the configuration wizard.

  3. Configure Based on Target Type: Follow the specific steps for your asset type:

    • API Targets: Provide the Application Name and Base URL. Choose how to share API details (OpenAPI Spec, Postman Collection, or Traffic Collector) and configure the necessary API Authentication.

    • Web Targets: Provide fundamental details and configure Login Recording if the scanner needs to access areas behind a login page.

    • Mobile (iOS/Android) Targets: Enter the app overview and key features. Upload the IPA or APK file (required for the pentest) and provide test credentials for various user roles.

    • Cloud Targets: Select your provider (AWS, GCP, Azure, or DigitalOcean) and enter IAM user credentials or upload programmatic access files.

  4. Advanced Settings (Optional): In the Advanced section, you can add Extra HTTP Headers for bypass rules or define URL Exclusion Regex to skip specific paths like health probes or static assets.

  5. Finalize Configuration: Review all provided information and click the Complete Setup button at the end of the wizard.

Expected Outcome

Upon clicking "Complete Setup," the target status will change to Active. You will now be able to initiate scans and access the full Target Settings page for further management.

Common Issues and Troubleshooting

  • Scanner Connection Failures: If the scanner cannot reach the target immediately after setup, ensure you have allowlisted Astra's static IP ranges in your firewall or WAF settings.

  • Login Errors: If using Scan-Based Login (SBL), ensure your Puppeteer login recording is cleaned of internal browser pages or unnecessary meta key events.

  • Performance Impact: If the scan affects application performance, navigate to Target Settings > General Settings to reduce the Scan Speed (concurrent threads and delays).