Provide Target Context
How to supply additional context to improve CodeWall's testing coverage and accuracy.
Providing context about your target helps CodeWall's AI agent focus on the right areas and discover vulnerabilities that require domain knowledge.
API specifications
If your target has an API, providing a specification is the single most impactful thing you can do for coverage.
OpenAPI / Swagger
- In the test configuration, expand Target Context
- Upload your OpenAPI spec (JSON or YAML) or provide a URL to it
- CodeWall will use the spec to discover all endpoints, understand parameter types, and test each operation
GraphQL schema
For GraphQL APIs, provide the introspection endpoint URL. CodeWall will query the schema and test all queries and mutations.
Application description
Provide a brief description of your application:
- What it does and who uses it
- Key features and workflows
- Technology stack (framework, database, hosting)
- Any custom authentication or authorization logic
This helps the agent prioritize attack vectors relevant to your stack.
Areas of focus
Specify areas you want the agent to pay extra attention to:
- Recently deployed features or endpoints
- Custom-built authentication flows
- File upload functionality
- Payment or billing workflows
- Admin or management interfaces
- Third-party integrations
Seed targets
You can provide up to 10 seed targets (domains, URLs, or IPs) as starting points for reconnaissance. This is useful when your application spans multiple domains or subdomains:
app.example.com— the main web applicationapi.example.com— the backend APIadmin.example.com— an admin portal
All seed targets are used during the recon phase to discover the full attack surface.
Sitemap or URL list
If your application isn't easily crawlable, provide:
- A sitemap.xml URL
- A list of specific URLs to test
- A list of API endpoints not documented in a spec
This ensures the agent discovers pages that might not be reachable through normal navigation.