Articles on: Test configuration

How to set up your test scope? (including and excluding subdomains)

The scope of a test refers to the list of URLs that will be included in your security assessment. It determines which parts of your application Beagle Security will test.


If your application spans multiple domains or subdomains, configuring the test scope helps ensure all relevant assets are included in the assessment.


Navigate to the scope


  • Go to Applications.


  • Select the application you want to configure.


  • Click on the Configuration tab.


  • Click on Advanced.


  • Scroll down to Scope of test, and click on it to configure, which will open a side panel window.


Configure the scope

The Scope of Test setting controls how Beagle Security handles subdomains during testing.


This option is enabled by default.


When enabled, Beagle Security can include discovered subdomains that fall within the scope of your application. This is useful when your application operates across multiple subdomains and you want them to be included in the assessment.


If you want Beagle Security to test all discovered subdomains, leave the setting enabled. If you do not want discovered subdomains to be included, you can disable the setting.


Add additional subdomains to the test scope

If your application spans multiple subdomains, Beagle Security can automatically discover them when they are linked to the primary application.


The recommended approach is to use the Re-fetch option. Beagle Security will re-scan the application, identify linked subdomains, and automatically add them to the test scope where applicable. This works when the subdomain is connected to the primary application through links or navigation paths that the crawler can discover during testing.


If a linked subdomain is not discovered automatically, you can add it manually:


  • Click Add New Sub Domain.


  • Enter the URL you want included in the test.


  • Save your changes.


Important: The Scope of Test feature is intended for subdomains that are part of the primary application’s attack surface and can be reached from the main application. Applications that operate independently, such as separate customer portals, standalone applications, or APIs hosted on a different subdomain, should be configured as separate applications in Beagle Security and tested independently.


When should you configure the test scope?

Configuring the test scope is useful when your application operates across multiple domains or subdomains and you want to ensure all relevant assets are included in the assessment.


For example, your main application may link to additional subdomains that form part of the same user journey or application flow. When these subdomains are accessible through links within the primary application’s UI, Beagle Security can discover and crawl them as part of the assessment.


If a portal, API, or application operates independently and is not linked from the primary application, it should be configured and tested as a separate application.


Reviewing the scope before starting a test helps ensure Beagle Security focuses on the intended targets and provides more complete test coverage.








Updated on: 19/06/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!