Managing Targets at Engagement Level

Targets for Pen Test engagements are now managed in the engagement settings. To manage targets at the engagement level, you must first create a target group. Once you create target groups, you can add targets to the group, edit targets, reorder targets, or remove the target group.

Adding Targets Groups

To add target groups, follow these steps:

  1. Select a pen test engagement from the drop-down, and click the on the Engagement name.

    engagements

  2. Click the Settings tab.

    engagement-settings

  3. Click on Scope & Rewards, and go to Target Groups.

    target-groups

  4. Click on Add group.

    add-groups

    The Add new target group page appears.

    add-new-groups

  5. In Title, specify a name for your target group.

  6. In Description, provide a detailed description of the target group. This includes details about:

    • Target documentation
    • System diagrams
    • Focus areas

    You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.

    title-description

  7. If you want researchers of the engagement to test all the targets in the target group, then select the This target group is In Scope checkbox.

    is-this-group-in-scope

  8. Click Create group.

Adding Targets to Target Groups

Once the target group is created, you can add targets. To add targets to the group, follow these steps:

  1. On the Target groups page, click on the Edit icon of the group you created.

    edit

    The Edit target group page appears.

  2. Scroll down to the Targets section, and click on Add new target.

    add-new-target

    The Add target pop-up window is displayed.

    Feature Restriction: Targets may only be manually added and removed by a user before the engagement has been launched live. Once the engagement is launched live, contact your Account Manager to add or remove any targets.

  3. Specify the following:

    • Target name: Select a pre-existing target or fill-in the name of the to be created target.
    • Target URL / Location (optional): Provide the complete URL for researchers to access this target. It must be a valid example of an instance of this target such as a website, application, API, or the app store link to the mobile application. Bugcrowd’s servers will occasionally poll these targets to test connectivity and composition.
    • Category: Select the category that best fits your target.
    • Tags(optional): Select tags to indicate the skills and technologies that will be helpful in testing this target.

    add-target-pop-up

  4. Click Save.

Editing Targets in Target Groups

If you want to edit the target information, click the gray color Edit icon.

edit-target-details

Deleting Targets in Target Groups

To delete a target, click the red color Delete icon for the target that you want to delete.

delete-target

Deleting a target from a program will effectively change the scope and bounty brief.

Removing a Target: If your program linked to an engagement is yet to launch live, both targets in and out of scope may be removed. Removing a target will no longer allow researcher to submit vulnerabilities against the removed target until the target has been re-added.

At this point, the target will be removed from the engagement brief, however, existing submissions attached to this target will be available within the submission inbox. In addition, all submissions attached to this target will be included in all metrics presenting in the Insights page.

Reordering Targets in Target Groups

To reorder a target, click the two arrow icon, and drag-and-drop the target to the required position.

reorder-target

Removing Target Groups

To delete a target group, follow these steps:

  1. Click the Edit icon on the target groups page.

    target-groups-page

  2. On the Edit target group page, scroll down to the Targets section, and click Delete group.

    engagement-delete-group

    A message asking for confirmation is displayed.

  3. Click Delete.

    remove-group-pop-up

    The “Group deleted successfully” message is displayed and the target group is removed from the Target groups page.


Onboarding
Account Management
Program Management
Reporting
Submission Management
Integration Management