Core Concepts
Understand the key building blocks of the CodeWall platform.
Targets
A target is the system you want to test — a web application, API, MCP server, or LLM application. Each target has a defined scope that tells CodeWall what it can and cannot interact with.
Tests (Pentests)
A test is a single penetration testing engagement against a target. When you launch a test, CodeWall's AI agent autonomously performs reconnaissance, analysis, exploitation, and reporting.
Tests go through six phases:
- Preflight — validating configuration and target reachability
- Recon — discovering the attack surface
- Analysis — identifying potential vulnerabilities
- Validate — confirming suspected vulnerabilities before exploitation
- Exploit — validating vulnerabilities with proof-of-concept exploits
- Report — generating findings with remediation guidance
Findings
A finding is a verified vulnerability discovered during a test. Each finding includes:
- Severity — Critical, High, Medium, Low, or Informational
- Attack chain — the full sequence of steps used to exploit the vulnerability
- Proof of concept — reproducible evidence of the exploit
- Remediation — actionable steps to fix the issue
Assets
An asset is a piece of infrastructure discovered or imported into CodeWall — a domain, IP, URL, endpoint, host, or service. Each asset has a confidence score (0.0–1.0) indicating how likely it is to belong to your organisation. See Assets for details.
Agents
CodeWall uses AI agents to perform penetration testing. These agents operate autonomously within your defined scope and follow safety guardrails to protect your systems.
Approval gates
Approval gates let you pause the test before each phase and require manual approval before the agent continues. You can also enable command-level approval for granular control over individual actions during exploitation. See Guardrails for details.
Schedules
You can configure schedules to run tests automatically on a recurring basis — daily, weekly, or custom intervals. This enables continuous security testing as your application evolves.
Projects
Projects group related targets and tests together, making it easier to manage security testing across your organisation.

