Burp Scanner engineering team

We work on the Burp Suite Scanner, the security professional's automation tool of choice.

We take on the challenges of securing the internet in the face of sophisticated and tenacious attackers. There is no shortage of interesting, complex problems to solve.

Alex B, Technical Product Manager, Burp Scanner

Key functionality

Burp Scanner is a key component of Burp Suite. The Scanner crawls through a website, building an accurate picture of the target and cutting through obstacles such as stateful functionality and CSRF tokens by harnessing Chromium's support for modern web technologies.

The Scanner then performs a highly configurable audit on the mapped target, exposing any issues found and categorizing them using a huge list of known vulnerabilities.

Problem space

Auditing a target requires building an accurate graph of it. Building an accurate picture of the paths through a complex website is a challenging mathematical problem. A key challenge for the team is solving this problem while using a reasonable amount of computational resources.

The Internet is a dizzyingly vast and complex place. The Scanner has to ingest everything the Internet has to offer, no matter how new or badly written. The team often has to write custom parsers to keep the Scanner current.

The Scanner relies heavily on the world-class output of the Research team in detecting and defining new vulnerabilities to look for. The team needs to keep current on the issues that emerge from the less salubrious parts of the web.

Technologies

The Burp Scanner is written in core Java, with native integration with the Chromium browser using the DevTools protocol.

The tools we use in developing the Scanner include: IntelliJ IDEA, JUnit, Mockito, git, Gradle, TeamCity, Docker, and various AWS services.

What we've been working on

Burp Scanner forms the core of both Burp Suite Professional and Burp Suite Enterprise Edition. That means that we're always working on improving its functionality, to incorporate the latest technologies, application types, and vulnerabilities.

Have a read of our product roadmaps for Burp Suite to discover the new functionality and features we have planned for Burp Scanner.

Meet the Swiggers

We are a diverse group of people with a wide range of interests and backgrounds. What Swiggers have in common is that they all love their work and are exceptionally good at what they do.

Jess H, Culture Champion

Mike S, Software Developer

Mohamed H, Software Developer