Preparing Targets

Proper target preparation ensures CodeWall can test thoroughly and produce reliable results.

Test accounts

For authenticated testing, prepare dedicated test accounts:

• Realistic data — accounts should have realistic profiles, history, and content so the agent can test data-dependent features
• Sufficient permissions — create accounts at each privilege level you want to test (e.g., regular user, admin)
• Completed onboarding — accounts should have completed any setup wizards or onboarding flows
• No rate limiting on test accounts — or allowlist CodeWall's IPs from rate limits (see Configure Server Access)

Session configuration

For optimal testing efficiency:

• Long session timeouts — activity-based session expiry (rather than absolute timeouts) prevents sessions from expiring while the agent is actively testing
• Concurrent sessions — allow multiple simultaneous sessions for the test account so CodeWall can parallelize testing
• Disable CAPTCHA — for test accounts, or allowlist CodeWall's IPs

Environment considerations

Staging vs production

• Staging is recommended for first-time testing — lets you validate the setup without any risk to live systems
• Production is supported and safe (see Production Safety) — recommended for ongoing testing since it reflects the real attack surface

Data sensitivity

• CodeWall may read data visible to the test account during testing
• Avoid seeding test accounts with real PII or production secrets
• Use realistic but synthetic test data where possible

Pre-flight checklist

Before launching a test, verify:

• Target is accessible from the internet (or CodeWall IPs are allowlisted)
• Test accounts are created and credentials are ready
• Scope is defined (included/excluded hosts and paths)
• Team is aware that a pentest is running
• Monitoring/alerting won't trigger incident response for CodeWall's traffic