Burp Suite Enterprise Edition

Pay as you scan (PAYS)

Frequently asked questions relating to the pay as you scan (PAYS) subscription model for Burp Suite Enterprise Edition.

What is pay as you scan?

Pay as you scan (PAYS) is a new subscription option for Burp Suite Enterprise Edition. This option allows you to scan your applications, however frequently you choose, and be charged per hour for every hour that you scan.

Frequently asked questions

We charge an annual license fee to access the product. You will then be charged per hour of scanning, billed on a monthly basis. Scans will be charged to the nearest minute and rounded up to the nearest cent/penny.

Contact us for all Burp Suite Enterprise Edition quotes.

A PAYS subscription requires a credit card to be saved against your account, due to the monthly billing of scan hours. If you do not have access to a credit card we would recommend looking at our other subscription options which offer more flexible payment terms.

At present, a pay as you scan (PAYS) subscription can only be purchased directly - it cannot be purchased via resellers.

By default, the limit on monthly scan hours is 500 per month. If you need to increase your monthly scan hours limit, please contact us.

Yes, you are able to set a limit on the number of scan hours you can run within a month from your user account.

You will be invoiced on a monthly basis. Payment will be taken automatically from your saved card, and you will be sent communications both before and after payment each month.

The scan hours billing period will run from the first to the last day of each calendar month. At the end of each month (midnight of the last calendar day) we will calculate the scan hours used and issue an invoice on the first day of the new month. Payment, via your saved credit card, will then be taken no more than three days later.

If payment fails for any reason, you will be sent an email communication advising you that we have been unable to charge for your monthly scan usage. You will have seven days to add a new payment method before we attempt to take payment again. If payment fails for a second time then we will temporarily revoke your scanning access until the outstanding balance has been paid.

You will not be charged for failed scans. If you begin a scan and then subsequently cancel it however, you will be charged.

Burp Suite Enterprise Edition will automatically check your remaining scan hours limit before running a scan. If your scan hours limit has already been reached, you will be unable to start your planned scan without first increasing your scan hours limit. If your remaining scan hours are low and you launch a long-running scan, there is potential for you to go over your scan hours limit.

Once started, scans will run to completion even if they go over your scan hours limit - they will not be canceled part way through. This means you may go over your scan hours limit if your remaining hours are low and you launch a long-running scan.

No, there is no limit. However, the more scans you run concurrently, the greater the infrastructure requirements will be. Read more on infrastructure requirements.

Yes - you can restrict who can run a scan using role-based access control (RBAC). For further information, see our RBAC documentation.

This information will be available from within the user account where the license was purchased.

PAYS requires an active connection back to PortSwigger.net to track scan duration and alert if usage is approaching any spend caps in place.

Yes - these can be found in the Burp Suite Enterprise Edition EULA.