New: Burp Suite Enterprise Edition Pay as you scan pricing

Matt Atkinson | 25 April 2023 at 14:06 UTC

More than 1,000 organizations are using Burp Suite Enterprise Edition to scale their web vulnerability scanning - using the same Burp Scanner favored by 73,000 penetration testers.

Today we launched Burp Suite Enterprise Edition's new Pay as you scan (PAYS) subscription option. Pay as you scan enables users to get started with dynamic (DAST) scanning, and work toward achieving compliance - all while limiting their upfront costs, with usage-based pricing.

Quick link: license Burp Suite Enterprise Edition with the new PAYS subscription option, for $1,999 per year, plus $9 per scan hour.

Pay as you scan - how does that work then?

As above, when you subscribe to Burp Suite Enterprise Edition using the Pay as you scan option, your only upfront cost is an annual subscription fee of $1,999. Following this, scanning is charged at just $9 per hour.

Paying for scan time is simple - we'll invoice you on a monthly basis, and payment will be taken automatically from your saved card. You can set a limit on the maximum number of scan hours you can run within a month from your user account - which is handy if you're working to a fixed budget.

As with every Burp Suite Enterprise Edition subscription, there's no limit to the number of domain names / URLs you can scan, or the number of users you can add. And the scan results you produce all come with actionable remediation advice - so you don't need to be a security expert to fix the vulnerabilities you find.

Should you encounter any scan failures, you won't be charged for their scan time, and there is no limit on the number of concurrent scans you can run with a Pay as you scan subscription.

If you have any questions about Burp Suite Enterprise Edition's Pay as you scan subscription option, then get in touch with our team - who'll be happy to help.

A great solution for compliance scanning, or those new to web security

Conventional (Classic) Burp Suite Enterprise Edition pricing isn't ideal for every user. For instance, if you have only ad hoc, or bursty scanning requirements, then our Classic pricing (designed for more regular use) may not be cost effective. This is especially true for organizations with smaller security budgets - and may also ring true if you're scanning for compliance reasons (e.g. to become FedRAMP authorized).

Pay as you scan bridges this gap, creating a much lower entry point for Burp Suite Enterprise Edition subscribers. And it'll scale with you too - it's easy to switch over to an alternative subscription option if you find that your requirements have outgrown PAYS.

The release of PAYS mirrors our recently released Burp Suite Enterprise Edition Unlimited subscription option, which is aimed at enterprise-level / DevSecOps subscribers.

Example - PAYS subscription price breakdown

To demonstrate how Pay as you scan can save you money on your Burp Suite Enterprise Edition subscription, we've created an illustrative example. All of the prices referred to here are available on Burp Suite Enterprise Edition's Pricing page.

Imagine that your organization has five web applications that it needs to scan for compliance reasons. For FedRAMP compliance (which is required in order to sell cloud services to the US federal government), your organization would need to scan those five web applications at least once per month. Here, we'll take this as a benchmark.

For the sake of this example, let's assume that all of your web applications are reasonably complex, and that it takes Burp Suite Enterprise Edition two hours to perform a Deep scan of each one. As per FedRAMP requirements, you'll be scanning them once per month.

Classic subscription breakdown

PAYS subscription breakdown

As you can see, in the fairly common scenario described above, you would save a total of $3,521 by choosing a Pay as you scan subscription over a Classic subscription - just over 50%.

And that doesn't come at the cost of any functionality. In fact, you gain slightly - because the PAYS subscription includes as many concurrent scans as you want. You do of course keep the ability to scan any domain names / URLs you need to, and to add as many users as you want - because unlike many scanners, these features come as standard with every Burp Suite Enterprise Edition subscription.

Summary - save money by paying for only what you use

The example above demonstrates that if your scanning requirements are relatively light, then Burp Suite Enterprise Edition's new Pay as you scan subscription option will almost certainly save you a lot of money. This will be ideal in many scenarios where organizations are using dynamic (DAST) scanning to help achieve compliance, or are just starting out with web security.

To cap all this, Pay as you scan keeps all of the great features that every Burp Suite Enterprise Edition subscription comes with as standard. Among other things, this means that you can scan whichever domain names / URLs you want (without "locking in" certain ones), and add unlimited users.

To find out how to license Burp Suite Enterprise Edition with the new Pay as you scan subscription option, contact our team, or check out the Burp Suite Enterprise Edition pricing page.