Burp Suite Enterprise Edition

Features

Scan it all. With the enterprise-enabled dynamic web vulnerability scanner.

Burp Suite Enterprise Edition Features

Scanning Features

Burp Scanner

Catch the latest vulnerabilities with Burp Scanner - the dynamic (DAST) web vulnerability scanner trusted at over 16,000 organizations.

Recurring scanning

Set your scans to run on a daily, weekly, or even monthly basis.

Scalable scanning

Scale the number of concurrent scans you have available, with our transparent subscription options.

Easy scan set-up

Point and click scanning - just a URL required. Or trigger via CI/CD.

Bulk actions

Manage security more easily, with bulk actions for operations like canceling scans, or launching quick scans.

Out-of-box configurations

Use preset scan modes ranging from Lightweight to Deep, or create your own custom scan configurations.

API scanning

Discover more potential attack surface. Burp Scanner parses JSON or YAML API definitions - scanning any API endpoints it finds.

Authenticated scanning

Scan privileged areas of target applications, even if they use complex login mechanisms like single sign-on (SSO).

Browser powered scanning

Burp Scanner uses its embedded browser to render its target - enabling it to navigate even complex single-page applications (SPAs).

Add OAST to dynamic scans

Automated OAST was pioneered by PortSwigger, and can identify many vulnerabilities with tremendous accuracy.

Custom configurations

Specify crawl maximum link depth, reported vulnerabilities, fast versus exhaustive results, and more.


Integration Features

All CI/CD platforms

Integrate with any CI/CD platform. See vulnerabilities right in your development environment.

Vulnerability management platforms

Integrate scanning and security reporting into your own management and orchestration systems.

Burp extensions

Tailor Burp Scanner to your exact requirements, by writing your own extensions, or by downloading them from the BApp Store.

Multiple setup options

Choose from an on-premise deployment with an interactive installer, a Kubernetes deployment, or a cloud-based instance.

Issue tracking platforms

Track issues with Jira, GitLab, and Trello. Auto ticket generation, severity / confidence level triggers, and unlimited boards.

GraphQL API

Initiate, schedule, cancel, update, and work through your scans, to get the exact data you need, with a GraphQL API.

Single sign-on (SSO)

Enable users to log in easily - with a variety of SSO options (SAML or LDAP, as well as SCIM). Integrate with any identity provider - including ADFS, Okta, or Active Directory.

Role based access control

Multi-user, role-based functionality for site hierarchy, scan detail and reporting. Give everyone control.

Compatible configurations

Manually integrate configurations from Burp Suite Pro, directly into your fully automated Enterprise environment.

Reporting Features

Dashboards

Graphical dashboards allow you to view bugs by severity or type. See security posture for all or just part of your organization.

Report exporting

Export tailored HTML reports. Include any level of detail, severity, and confidence you require.

Scan history

Metrics include changes by issue type and severity. See when and where bugs were introduced.

Intuitive UI

Almost all features can be controlled through an intuitive, attractive UI. This opens security up to everyone.

Remediation advice

Every issue Burp Scanner finds comes with actionable remediation advice from PortSwigger Research and the Web Security Academy.

Rich email reporting

Get reports emailed to the right members of your team, to tailor your communications effectively.

Security posture graphing

View deltas and other changes to visually represent your security posture's evolution. Know your attack surface.

Aggregated issue reporting

Organize issues by their class at the touch of a button. Focus on the vulnerabilities you want to fix.

Compliance reporting

Check for vulnerabilities relevant to the PCI DSS standard and 2021 OWASP Top 10, across your whole web portfolio.

Customer quote

The scanning engine is loaded with modern vulnerability detection engines. Sophisticated attacks are identified with ease with a detailed explanation. The ability to reproduce the issue using the proof of concept from the results provides a detailed level of understanding and the corresponding fix.

Source: TechValidate survey of PortSwigger customers

Application Security Engineer

Global 500 Insurance Company