New feature
Burp Scanner will check for a number of security vulnerabilities relating to access control.
New feature
Auto-generate a suitable EC2 instance for Burp Suite Enterprise Edition, using pre-built AMIs.
New feature
Burp Suite Enterprise Edition will be certified to SLSA Level 2 - addressing customer requirements.
Feature enhancement
Make config changes at folder level, as a bulk action in the UI. Reconfigure all the sites in a particular folder - for scan configuration, scanning machine pools, extensions used, etc.
New feature
Run Burp Suite Enterprise Edition from within any CI/CD environment, by starting a scanning machine in a container.
New feature
Burp Scanner will check for a number of security vulnerabilities relating to APIs that use the GraphQL language.
New feature
Upload an API definition as part of the Burp Scanner launch process. Burp Scanner will use this API definition to seed its scan - enhancing its ability to scan APIs and microservices.
Feature enhancement
Set up sites more easily in Burp Suite Enterprise Edition, with a range of feature improvements.
New feature
Following on from Burp Suite Enterprise Edition's Kubernetes deployment, which features automatic scaling of scan resources, we will introduce hourly metered billing.
Feature enhancement
Scan single page applications (SPAs) built using React more easily. Specifically, this will improve Burp Scanner's handling of input elements that do not have an enclosing form tag.
Feature enhancement
Fine-tuning of Burp Scanner, to optimize its performance when scanning single page applications (SPAs) built using Angular, Vue.js, and other frameworks.
Done
Addition of support for popup page elements when using Burp Scanner's recorded login (authenticated scanning) feature.
Done
Burp Suite Enterprise Edition now has a Kubernetes deployment option available, using a Helm chart. This enables auto-scaling of scanning resources.
Done
Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning. Enabled by default.
Done
Burp Scanner can now detect injection into a wider range of templating engines, and will employ OAST techniques to detect blind SSTI.
Done
We have improved the placement and encoding of scan payloads within JSON and XML data structures.
Done
Burp Scanner now detects and interacts with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.
Done
Ensure scans are carried out using the most suitable scanning machines - based on network location, system resources, or other factors.
Done
Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.
Done
Display scanned URLs as a tree, to make site structure easier to see. We've also improved navigation through the UI, as well as product look and feel.
Done
Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.
Read all release notesDone
We have fundamentally changed the way that Burp Scanner navigates using its built-in browser. This improves scanning of applications that make heavy use of client-side JavaScript for navigation, and lays a strong foundation for further development of the scanner.
Done
Burp Scanner now automatically audits in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.
Done
Replay and view recorded login (authenticated scanning) sequences executed during scans, to check for issues during the login process.
Done
Burp Scanner can now report new classes of HTTP/2-specific vulnerabilities.
Done
Burp Suite Enterprise Edition now supports issue tracking integration using Slack, Trello, and GitLab.
Done
By popular demand, you can now customize Burp Suite Enterprise Edition using extensions.
Done
Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.
Done
Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.
Done
View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.
Done
Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and scanning machine management.
Done
Further optimized performance in default settings - enabling faster scans without compromising coverage.
Done
Burp Scanner now checks for a number of security vulnerabilities relating to JSON Web Tokens (JWT).
Done
Report scan results against compliance frameworks - such as PCI DSS, OWASP Top 10, etc.
Done
We now provide support for user management via SCIM (System for Cross-domain Identity Management), for integration with Okta and OneLogin.
Done
You can now import sites from CSV files, apply scan configurations and application logins across a group of sites, and cancel/delete selected scans - all through the UI.
Done
Support for site-driven scans within CI/CD plug-ins - and the ability to download end of scan reports. Set parameters for determining when a build fails.
Done
Enable single sign-on via Active Directory using SAML, in addition to the previously existing single sign-on functionality using LDAP.
Done
Streamline post-scan tasks by downloading detailed scan reports, automating email function for end-of-scan summary reports, and automating Jira ticket creation.
Done
Extensive UI upgrades have been introduced, including navigation changes, overall look-and-feel, and more intuitive in-product workflows.
Done
Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.
Done
Burp Scanner now handles navigational actions that cause DOM updates without a synchronous request to the server, allowing better handling of single-page applications.
See more customer storiesWe use Burp Suite Enterprise Edition because of the ease of use, the cost, the straightforward implementation, the useful results, and the accuracy - results when compared to more expensive tools are very similar. Source: TechValidate survey of PortSwigger customers
Douglas R. Lomsdalen
CISO