Skip to main content

What are Targets?

Targets are the web applications and domains that you want MindFort to assess for security vulnerabilities. Think of them as your digital assets that need protection - production websites, staging environments, or any web application your organization operates.

Understanding Target Slots

Target Slots Purpose:
  • Assessment Concurrency: Control how many assessments can run simultaneously
  • Vulnerability Storage: Maintain historical vulnerability records for each target
  • Team Organization: Support multiple applications and development teams
Slot Requirements:
  • Single Application: One slot is sufficient for most individual web applications
  • Multiple Applications: Separate slots recommended for different applications or teams
  • Concurrent Testing: Additional slots enable parallel assessments across different targets

Target Inventory

The Targets page shows all your configured assets with key information:
  • Domain/URL: The web application being monitored
  • Added Date: When the target was first configured
  • Status: Verification status (verified targets can be scanned)
  • Basic Stats: Recent assessment results and finding counts
Only verified targets can be selected when starting new assessments. Unverified targets need verification before scanning.

Adding a New Target

1

Access Target Form

From the Targets page, click “Add Target” to open the configuration form.
2

Configure Basic Details

  • Name: Friendly name for your application (e.g., “Production Website”)
  • URL/Domain: The web application URL (https://yourapp.com)
  • Description: Optional context about the application
3

Save and Verify

Click Save to add the target. MindFort will attempt to verify access to the domain.
If your target shows as unverified after adding, you may need to configure firewall settings or contact support for assistance.

Managing Existing Targets

Editing Target Details

  1. Locate your target in the inventory
  2. Expand the target row to reveal management options
  3. Edit details inline:
    • Update name, description, or URL
    • Modify configuration settings
    • Add team notes or context

Adding Authentication Credentials

For testing authenticated areas of your application:
1

Expand Target Row

Click to expand the target you want to configure.
2

Add Credentials

In the expanded view, add stored credentials:
  • Username/Password: Standard login credentials
  • Magic Links: Special authentication URLs
  • API Keys: For API-based authentication
3

Test and Save

Verify the credentials work, then save the configuration.
Adding stored credentials enables deeper testing of authenticated areas during red team assessments.

Key-Value Storage

The Key-Value (KV) option allows you to pass helpful contextual information directly to MindFort’s AI agents during assessments. This information helps agents focus their testing efforts and understand your application better.
Agent Context: All key-value pairs are provided to agents during assessment execution, helping them make informed testing decisions.

Common Use Cases

  • Application Paths
  • Authentication Details
  • Testing Guidance
  • Technical Context
Guide agents to specific areas of interest:
Key: new_feature_path
Value: example.com/feature

Key: admin_panel_url
Value: /admin/dashboard

Key: api_endpoint_base
Value: api.example.com/v2
Benefits: Agents can focus testing on newly developed features, sensitive admin areas, or specific API versions.

Best Practices

Helpful Information to Include:
  • Recent Features: New functionality that needs security validation
  • Demo Credentials: Non-sensitive keys, tokens, or identifiers for testing
  • Specific Paths: URLs or routes where vulnerabilities might exist
  • Business Context: High-priority areas or recent security concerns
  • Technical Stack: Framework versions, dependencies, or architecture details
  • Scope Restrictions: Areas agents should avoid or treat as out-of-scope
Security Guidelines:
  • Never include production secrets or real user credentials
  • Use demo/test values only for any sensitive-looking information
  • Document sensitive areas without exposing actual sensitive data
  • Focus on guidance rather than giving away actual security keys

Example Target Configuration

Target: https://myapp.com
Authentication: Username/Password (demo account)

Key-Value Pairs:
┌─────────────────────────┬────────────────────────────────────┐
│ Key                     │ Value                              │
├─────────────────────────┼────────────────────────────────────┤
│ new_feature_path        │ myapp.com/beta-checkout           │
│ admin_panel_url         │ /admin/dashboard                   │
│ demo_api_key            │ demo_key_abc123                   │
│ recent_changes          │ payment_processing_system         │
│ focus_testing_area      │ user_profile_management           │
│ framework_info          │ django_4.1_with_react_frontend    │
│ avoid_testing           │ /internal-docs,/legacy-system      │
└─────────────────────────┴────────────────────────────────────┘
This configuration helps agents understand:
  • Where new features are located for focused testing
  • How to access administrative areas
  • What demo credentials are available
  • What areas have recent changes requiring attention
  • What technology stack to optimize attacks for
  • Which areas to avoid during testing to stay within scope
Effective Agent Guidance: The more context you provide, the more targeted and effective your security assessments will be.

Target Deletion Warning

Critical: When you delete a target, all vulnerability history is permanently lost and cannot be recovered. This includes:
  • All historical vulnerability records
  • Assessment results and findings
  • Remediation progress tracking
  • Evidence and proof-of-concept data
Before Deleting:
  • Export any needed reports or vulnerability data
  • Consider if you need to retain compliance records
  • Verify you have documented all critical findings
Alternative to Deletion: If you’re running out of target slots but want to retain vulnerability history:
  • Contact Support: Reach out to support@mindfort.ai to purchase additional target slots
  • Archival: Some organizations prefer to keep inactive targets rather than losing historical data
  • Team Consultation: Discuss with security and compliance teams before permanent deletion

Target Verification

Why Verification Matters

Verification ensures:
  • MindFort can access your application
  • Firewall rules allow scanning traffic
  • Domain ownership is confirmed
  • Assessment quality will be optimal

Verification Troubleshooting

If a target remains unverified:
  1. Check Firewall Settings: Ensure MindFort IPs are whitelisted
  2. Verify Domain Access: Confirm the URL is publicly accessible
  3. Review DNS Settings: Ensure proper domain resolution
  4. Contact Support: Use in-app chat if issues persist

Assessment Scheduling

For targets that need regular security testing:
1

Access Schedules Tab

In the expanded target view, click the “Schedules” tab.
2

Create Schedule

Configure recurring assessments:
  • Frequency: Daily, weekly, or monthly
  • Time: When scans should start
  • Timezone: Your preferred timezone
  • Method: Turbo or Deep scanning
3

Enable and Save

Activate the schedule to begin automatic assessments.
Scheduling may be available based on your subscription plan. Check with your admin if this option isn’t visible.

Best Practices

Target Organization

  • Use clear, descriptive names for easy identification
  • Add meaningful descriptions to provide context
  • Group related applications logically
  • Keep production and staging targets clearly labeled

Security Considerations

  • Only add targets you own or have permission to test
  • Use dedicated test credentials rather than personal accounts
  • Store credentials securely and rotate them regularly
  • Document any restrictions in the target description

Maintenance

  • Regular verification: Ensure targets remain accessible
  • Update credentials: Refresh authentication details as needed
  • Review schedules: Adjust timing based on business needs
  • Clean up unused targets: Remove decommissioned applications

Common Use Cases

Production Website Testing

Name: Production E-commerce Site
URL: https://store.yourcompany.com
Description: Customer-facing e-commerce platform
Credentials: Test user account with checkout permissions
Schedule: Weekly deep scans on Sundays at 2 AM

Staging Environment Validation

Name: Staging API Environment
URL: https://staging-api.yourcompany.com
Description: Pre-production API testing environment
Credentials: Staging API keys with full access
Schedule: Daily turbo scans after deployments

Legacy Application Assessment

Name: Legacy CRM System
URL: https://crm-legacy.yourcompany.com
Description: Legacy customer management system (PHP 7.x)
Notes: Limited to off-hours testing, notify team lead
Credentials: Service account with admin privileges

Troubleshooting

Can’t Select Target for Assessment

  • Verification Status: Ensure target is verified
  • Refresh Page: Sometimes the list needs updating
  • Check Permissions: Verify you have access to this target
  • Contact Support: If problem persists, use in-app chat

Credentials Not Working

  • Test Login: Verify credentials work in a browser
  • Check Expiration: Some credentials have time limits
  • Review Format: Ensure username/password format is correct
  • Update Stored Values: Refresh credentials in target settings

Assessment Results Poor

  • Add Authentication: Provide credentials for deeper testing
  • Check Firewall: Ensure scanning IPs are whitelisted
  • Review Target URL: Confirm it points to the right environment
  • Consider Deep Scan: Use thorough method for better coverage
I