Creating a Project in RedVeil

Projects are the top-level organizational unit in RedVeil.

A project represents the system, application, or environment you want to assess. For example, a production web application, a staging environment, or a set of external IP addresses. All tests, findings, and reports live within a project.

This guide walks through how to create your first project in RedVeil.

From anywhere in the platform, locate the Select Project dropdown at the top of the left-hand navigation sidebar.

If you have not created any projects yet, this will display “No project selected.”

The first step focuses on defining the basic identity of your project.

Enter a clear, descriptive name for the project. This name will be used throughout the platform to organize tests, findings, and reports.

A good naming convention example would be:

Choosing a meaningful name helps keep results organized, especially if you plan to run recurring tests over time.

The description field allows you to document testing objectives, environment notes, or internal context. This is optional but recommended, particularly for teams that collaborate or revisit projects later.

Descriptions are helpful for:

Below the project details, you’ll choose the Project Type. This selection determines what kind of testing the project is designed for and how later steps behave.

Each project type represents a different class of assessment.

External Network projects are used to assess internet-facing infrastructure. These tests focus on identifying exposed services, misconfigurations, and exploiting vulnerabilities visible from outside the network perimeter.

Web Application projects are designed for testing web-based applications and APIs.

These tests focus on issues such as (but not limited to):

Web Application projects can be run with or without authentication, depending on your testing goals.

Internal Network projects are intended for testing internal infrastructure, including segmentation, privilege escalation, and lateral movement. This option is currently marked as Coming Soon and cannot yet be selected but will be available to our Full Coverage subscribers when it is released.

Cloud Infrastructure projects will support cloud-specific security testing, including IAM configuration, storage security, and compliance validation. This option is also marked as Coming Soon and will be available to our Full Coverage subscribers when it is released.

Click Next in the bottom-right corner to proceed to the Scope step.

After selecting the project type, you’ll be taken to the Scope step of the Create Project workflow. This is where you define exactly what RedVeil is authorized to test.

The Testing Scope field is where you specify the targets that belong to this project.

Depending on the project type you selected, scope may include:

Each entry represents an asset that RedVeil is permitted to assess. RedVeil will only perform testing against assets explicitly listed in this scope.

Click Next in the bottom-right corner to proceed to the Settings step.

After defining the project scope, you’ll move to the Settings step. This step allows you to configure how RedVeil performs testing for this project.

Depending on your target type, these settings will vary.

If you selected a Web Application project type, you’ll see the Web Application Configuration section.

These settings allow you to control how RedVeil interacts with your application during testing and enable deeper coverage when authentication is available.

If your application has OpenAPI (Swagger) documentation, you can upload it here.

Providing OpenAPI documentation helps RedVeil:

This step is optional, but recommended for applications with well-defined APIs.

By default, web application testing is unauthenticated. You can enter credentials to allow RedVeil to test areas of the application that require login.

For applications with more complex authentication flows, you can expand Advanced Authentication Settings.

This section allows you to fine-tune how RedVeil authenticates, including selecting the authentication method. For example, the default option shown here is HTML Form (Username / Password).

If you selected an External Network project type, you’ll see the External Network Configuration section in the Settings step.

The Port Scan Mode setting controls how aggressively RedVeil scans for open services on external hosts.

By default, RedVeil uses Fast (Top 1000 ports), which provides a strong balance between coverage and efficiency. This mode is sufficient for most external perimeter assessments and aligns with common real-world attacker behavior.

More extensive scanning may increase coverage but can also increase test duration.

Click Next in the bottom-right corner to proceed to the Review step.

The final step in the project creation flow is the Review screen. This step gives you a complete summary of the project before it is created.

Click Create Project and you will be taken to the dashboard.

Now you're ready to start your penetration test! Click Start Scan and RedVeil will begin its work.