CodeWallDocs
Guidance

Choosing Targets

What makes a good target for AI penetration testing and how to select the right systems to test.

Choosing the right target is the first step to getting valuable results from CodeWall. This guide helps you identify which systems will benefit most from autonomous pentesting.

Ideal targets

CodeWall works best with:

  • Web applications with interactive interfaces, forms, and authentication flows
  • REST and GraphQL APIs with documented or discoverable endpoints
  • MCP servers exposing tools via the Model Context Protocol
  • LLM applications with chat or completion API endpoints
  • Applications under active development where new vulnerabilities may be introduced regularly

Technical requirements

For CodeWall to effectively test a target, it needs:

  • Network accessibility — the target must be reachable from CodeWall's infrastructure (see Access Requirements)
  • Stable environment — targets that are frequently restarting or unstable will produce unreliable results

Prioritizing targets

Consider testing these first:

  1. Internet-facing applications — highest risk, most likely to be attacked
  2. Applications handling sensitive data — PII, financial data, healthcare records
  3. Recently changed applications — new features often introduce new vulnerabilities
  4. Applications that haven't been tested recently — security debt accumulates over time

What CodeWall doesn't test

  • Offline or air-gapped systems
  • Hardware or IoT firmware

Guidance

Best practices and recommendations for effective penetration testing with CodeWall.

Comparing Test Types

Understand the differences between CodeWall's test types and when to use each.

On this page

Ideal targetsTechnical requirementsPrioritizing targetsWhat CodeWall doesn't test