Articles on: Getting Started (Pentest)

How to verify ownership of an application?

To run a vulnerability scan on your application, you will have to verify that you own the application or domain being scanned. This is required to prevent any unauthorized user to run a scan on your applications & uncover the vulnerabilities. 

On the My Projects page, click on "Get Started" next to your project name and navigate to the verification step. There are 3 different methods to verify your ownership:

DNS Verification
File Upload
Manual Verification

Steps to verify ownership

DNS Verification

Select the DNS Verification method
Add DNS record

Login to the domain/DNS control panel of your application
Navigate to the screen where you can Add a new record
Create a new record of type TXT
In the Name field, if you are verifying your root domain, enter @ or full domain name. Say
In the Name field, If you are verifying a sub-domain, enter the sub-domain name in 'Name' field. Eg: If you are scanning, please enter api in the 'Name' field.
Set the TTL to Auto
In the Content field enter the unique verification token shown in the dashboard. It will be of the format astra-asset-verification=<copy unique token from dashboard>
Save the DNS record, and wait a few minutes for propagation. In some cases it might take a few hours too.

Click on Verify My Ownership in the dashboard

For verifying two or more applications on the same domain, you can simply create multiple TXT records

File Upload

Select the File upload method
Click on Download verification file to get the unique HTML file
Upload the downloaded file to the root of you application, having the URL as shown in the dashboard
Click on Verify My Ownership

Manual Verification

If you are not able to verify ownership using DNS Verification or File Upload, or your system does not support any of these methods - you can opt for Manual Verification. When we receive the request, our support team will try to establish ownership by other means, and could take up-to 12-24 hours. You will receive an email once the request is approved, and you can start a vulnerability scan. If possibly, it is recommended to use DNS and file upload verification methods.

Common verification errors

Here are some common verification errors that are possible:

Wrong verification file uploaded: The verification file for each project is unique, so make sure you have uploaded the correct verification file

The connection to your server timed out: Make sure that your server is responding and try again.

Updated on: 25/05/2022

Was this article helpful?

Share your feedback


Thank you!