This is a brand new product with the following key features:
- Server installation with a scalable architecture, and a distributed agent pool able to scan indefinitely many web sites in parallel.
- Ability to configure details of all your organization's web sites, reflecting your organization's structure.
- Perform vulnerability scans on demand or on a schedule, on a one-off basis or regularly recurring.
- Multi-user access with role-based access control.
- CI/CD integration able to work with any CI system.
Note that this is a beta release. It may contain bugs, including missing some vulnerabilities when scanning. It will remain officially in beta while problems are identified and resolved.
Licensing and pricing
Burp Suite Enterprise Edition is licensed for a specified number of agents. Each agent is capable of scanning one web site at a time. The pricing consists of a fixed price per year for the server installation (including one agent) plus a price per year for each additional agent:
- Server installation with 1 agent: $3999
- Each additional agent: $399
Pricing is per year, and you will need to renew your subscription to continue using the product. You can add further agents at any time, and the cost is calculated pro rata according to the days remaining on your license. This lets you grow your installation in a cost effective way as your requirements evolve.
There are no restrictions on numbers of users or the number of distinct web sites that can be scanned, and product updates are always made available to licensed users without additional charge.
Use the links below for more details on getting started with Burp Suite Enterprise Edition:
This is a new product, and its feature set will develop substantially over time. Here are some features that didn't make the cut of the initial release:
- Reporting of the delta between repeat scans, to see which issues have appeared or been resolved.
- Integration with JIRA and other issue tracking software.
- Ability to mark false positive issues.
- Agent affinity to specific web sites.
- Exporting of HTML audit reports.
- Email notifications.
- Support for Burp extensions.
- Automatic clean-up of old scan data.
To a great extent, we'll be guided by user feedback when setting priorities for new features. If you would like to see something added, please do let us know.