Welcome to Bugcrowd's Product Documentation Center

You'll find comprehensive guides and documentation to help you start working with Bugcrowd as quickly as possible.

Target Management

A target may be any web application, mobile application, API, IOT device, hardware or website you want to include in any of your bounty programs.

Adding Targets On A Program

A 'Program Administrator' or 'Organization Owner' may search and add a number of targets to a program on the 'Program Scope' page by first navigating to the 'Program Settings' page by clicking on the 'Settings' tab on the Crowdcontrol Navbar.

Attention: Feature Restriction

Targets may only be manually added and removed by a user before a program has been launched live. Once the program has been launched live, the customer must contact customer@bugcrowd.com to add or remove any targets.

Program Settings

Program Settings

Select the 'Program Scope' tab.

Program Scope

Program Scope

To add new targets, go to the form at the bottom of the page.

Once you select the target input within the form, it will provide a list of unassigned targets from the organization.

Select and Assign Target to Program

Select and Assign Target to Program

New Targets: Adding New Targets At A Program Level

New targets created at the program level will automatically be available within the Organization Target Directory as well.

Please select a pre-existing one, or input a new target if none match.

Selecting Category

When adding or updating a target, assign the appropriate target 'category' by using the drop down arrows as seen in the image below.

Categorize the target based on one of the seven different types of targets provided in the drop down menu. Select the type that best fits your target, categories include website, API, IOS, Android, IOT, hardware, and other.

Set Target In or Out Of Scope

Next, use the drop down arrow in the 'scope' field to identify whether the target is in scope or out of scope.

Scoping Targets: What's In and What's Out?

Use the following three resources to help better understand and identify which targets should be set in or out of scope:

The Anatomy of a Bounty Brief
Creating a Scope
Defining Exclusions

Target Scope

Target Scope

Targets will be clearly labeled as 'In Scope' or 'Out of Scope' on the bounty brief as shown in the image below.

Target Scope - Program Brief

Target Scope - Program Brief

Reordering Targets in a Program

The order your targets appear on your program brief and submission form can increase their visibility to researchers. To increase awareness around critical targets, you may want to arrange them based on their business impact. Of course, you can arrange them in any order that makes the most sense to your program.

To reorder the targets in a program:

  1. Go to Settings to view your program settings.
  2. Go to the Program Scope tab. The Program Scope lists all of the targets that can be tested in your program.
  3. Find the target you want to move.
  4. Use the Drag button in the Actions column to move the target to its new position in the list.

When you are done, you can go to your program brief to verify that the targets have been reordered and categorized based on scope.

Editing Existing Targets

By clicking the pencil icon, one can start editing an existing target.

One can tell their target is in an edit state due to the drop-downs becoming visible. Once one makes the appropriate changes, click the checkbox icon to save the changes.

If you want to abandon the edits, press the back icon to the right.

Adding Targets At An Organization Level

Targets added to the Organization Target Directory are added at an Organization Level as a part of a customer's Crowdcontrol target repository. The targets added to the Organization Target Directory may be used on any of the customer's bounty programs run on Crowdcontrol.

An 'Organization Owner' may add a number of targets to Crowdcontrol by navigating to the 'Organization Settings' page. To do this, click on the gear icon in the upper right-hand corner.

Select the 'Target Directory' tab.

To add a target to the 'Target Directory' scroll to the bottom of the target list and fill in the form, clicking Create Target once completed.

Target Directory - Adding a New Target

Target Directory - Adding a New Target

List each target your organization would like to test. Targets listed here will be assignable to any of your organization's programs on Crowdcontrol.

Target Management

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.