Guiding Tests
How to provide context to CodeWall's AI agent for better penetration testing results.
While CodeWall's AI agent operates autonomously, providing additional context helps it focus on what matters most and discover vulnerabilities that require domain knowledge.
Providing target context
When creating a test, you can provide context that helps the agent understand your application:
Application description
A brief description of what the application does, its primary use cases, and its technology stack. This helps the agent prioritize relevant attack vectors.
API specifications
If testing an API, providing an OpenAPI/Swagger specification dramatically improves coverage. The agent uses the spec to:
- Discover all endpoints, including those not linked from the UI
- Understand expected request formats and parameter types
- Identify authentication requirements per endpoint
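Before handing over a spec, it is worth checking what it actually declares for each endpoint, since a missing or overridden `security` entry tells the agent an endpoint is anonymous. The following is an added example, not CodeWall's code: a small reader for an OpenAPI 3 document in JSON that lists each operation with its effective authentication requirement and parameter types. The `summarize` function and the sample spec are constructed for illustration, and `$ref` parameters are not resolved.

```python
import json

METHODS = ("get", "put", "post", "delete", "patch", "options", "head", "trace")

def summarize(spec):
    """One row per operation: declared auth and parameters (inline parameters only, no $ref)."""
    rows = []
    default_security = spec.get("security", [])
    for path, item in sorted(spec.get("paths", {}).items()):
        for method in METHODS:
            op = item.get(method)
            if op is None:
                continue
            # Operation-level `security` replaces the top-level default, even when it is [].
            security = op.get("security", default_security)
            # [] means no requirement; an empty object {} makes authentication optional.
            anonymous = not security or any(len(req) == 0 for req in security)
            # Path-level parameters apply to every operation; operation-level ones override.
            params = {}
            for p in item.get("parameters", []) + op.get("parameters", []):
                if "name" in p:
                    params[(p["name"], p.get("in", "?"))] = p.get("schema", {}).get("type", "?")
            rows.append({
                "operation": f"{method.upper()} {path}",
                "schemes": sorted({name for req in security for name in req}),
                "anonymous": anonymous,
                "params": {f"{loc}:{name}": typ for (name, loc), typ in sorted(params.items())},
            })
    return rows

# Constructed sample spec (OpenAPI 3), not taken from any real application.
SAMPLE_SPEC = json.loads("""{
  "openapi": "3.0.3",
  "security": [{"bearerAuth": []}],
  "paths": {
    "/users/{id}": {
      "parameters": [{"name": "id", "in": "path", "schema": {"type": "integer"}}],
      "get": {"parameters": [{"name": "expand", "in": "query", "schema": {"type": "string"}}]},
      "delete": {"security": [{"bearerAuth": [], "apiKey": []}]}
    },
    "/health": {"get": {"security": []}},
    "/reports/export": {"post": {"security": [{"bearerAuth": []}, {}]}}
  }
}""")

if __name__ == "__main__":
    for row in summarize(SAMPLE_SPEC):
        flag = "ANONYMOUS ALLOWED" if row["anonymous"] else ",".join(row["schemes"])
        print(f'{row["operation"]:28} {flag:24} {row["params"]}')
```

Rows marked as anonymous that should require a login point to a spec error to fix before the test, or to an endpoint worth listing under areas of concern.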
Areas of concern
Highlight specific areas you want the agent to focus on:
- Recently changed features or endpoints
- Features handling sensitive data
- Custom authentication or authorization logic
- Third-party integrations
Scope as guidance
Your scope configuration implicitly guides the agent:
- Narrowing scope to specific paths focuses the agent's effort on those areas
- Excluding non-critical paths prevents the agent from spending time on low-value targets
- Including subdomains enables the agent to discover cross-domain vulnerabilities
See Scope Configuration for syntax details.
Iterating on results
After your first test:
- Review the findings and identify any false positives
- Adjust scope exclusions if the agent tested areas you don't care about
- Add context about areas where you expected findings but didn't get any
- Re-run with the refined configuration
Each iteration improves the agent's effectiveness for your specific application.

