Configuration

The Javelin RedTeam configuration system provides comprehensive control over scan parameters, target applications, vulnerability categories, and attack engines.

Configuration Structure

The main configuration consists of several key sections:

# Application under test
app_config:
  name: "MyApplication"
  description: "Application description for context"
  endpoint: "https://api.example.com/chat"

# Scan parameters
scan_config:
  parameters:
    maxScenarios: 10
    timeout: 5
    concurrency: 2
    reportFormat: "markdown"
    categories: ["data_privacy", "security"]

# Framework-level settings (optional)
framework:
  database_url: "postgresql://..."
  redis_url: "redis://..."
  max_concurrent_scans: 2

Application Configuration

Basic Application Settings

app_config:
  name: "CustomerChatbot"
  description: "A customer service chatbot that helps users with account inquiries, product information, and technical support."
  endpoint: "https://api.example.com/chat"
  method: "POST"  # Default: POST
  headers:
    Content-Type: "application/json"
    Authorization: "Bearer ${API_TOKEN}"
  payload_template:
    query: "{{query}}"
    user_id: "test_user"
    session_id: "redteam_session"

Field

Type

Description

Default

_name

_string

_{Application name for reporting}

_Required

_description

_string

_{Detailed description of target app for context generation}

_Required

_endpoint

_string

_{Target HTTP endpoint URL}

_Required

_headers

_object

_{HTTP headers to include}

_{payload_template}

_object

_{Request payload template with}_{{query}}_placeholder

_Required

Scan Configuration

Parameter

Type

Permissible Values

Description

_maxScenarios

_integer

_1-1000

_{Test cases generated per category}

_timeout

_integer

_1-300

_{Maximum scan duration in minutes}

_concurrency

_integer

_1-10

_{Parallel test execution count}

_reportFormat

_string

_{Markdown, JSON, PDF, HTML}

_{Output format}

_categories

_list

_{15 vulnerability categories}

_{List of vulnerability categories to test (e.g., data_privacy, security, responsible_ai, prompt_injection)}

Category Selection

scan_config:
  parameters:
    categories:
      # Core vulnerability categories
      - "data_privacy"
      - "responsible_ai"  
      - "security"
      - "brand_image"
      - "illegal_risks"
      
      # OWASP LLM Top 10 categories
      - "prompt_injection"
      - "sensitive_information_disclosure"
      - "supply_chain"
      - "data_and_model_poisoning"
      - "improper_output_handling"
      - "excessive_agency"
      - "system_prompt_leakage"
      - "vector_and_embedding_weaknesses"
      - "misinformation"
      - "unbounded_consumption"

Configuration Validation

Javelin RedTeam validates configuration before execution:

# Validate configuration
javelin-redteam validate --config conf/config.yaml

# Test connectivity
javelin-redteam test-connection --config conf/config.yaml

Best Practices

Start Simple: Begin with basic categories and low test counts
Environment Separation: Use different configs for dev/staging/prod
Incremental Testing: Gradually increase scope and complexity
Resource Management: Monitor concurrency and timeouts
Documentation: Document custom configurations and rationale

Troubleshooting

Common configuration issues:

Invalid Categories: Ensure category names match supported options
Authentication Failures: Verify API keys and permissions
Timeout Issues: Adjust timeout and concurrency settings
Resource Limits: Check framework limits for your deployment
Model Availability: Ensure specified models are accessible

PreviousArchitecture NextTarget Applications

Last updated 2 months ago

Good night

Configuration Structure

Application Configuration

Basic Application Settings

Scan Configuration

Category Selection

Configuration Validation

Best Practices

Troubleshooting