Burp Suite DAST

Features

Scan it all. With the enterprise-enabled dynamic web vulnerability scanner.

Scanning Features

Catch the latest vulnerabilities with Burp Scanner - the dynamic (DAST) web vulnerability scanner trusted by over 16,000 organizations.
Discover more potential attack surface. Burp Scanner parses JSON or YAML API definitions - scanning any API endpoints it finds.
Set your scans to run on a daily, weekly, or even monthly basis.
Scan privileged areas of target applications, even if they use complex login mechanisms like single sign-on (SSO).
Scale your scanning requirements as needed, with our transparent subscription options.
Burp Scanner uses its embedded browser to render its target - enabling it to navigate even complex single-page applications (SPAs).
Point and click scanning - just a URL required, or trigger via CI/CD.
Automated OAST was pioneered by PortSwigger, and can identify many vulnerabilities with tremendous accuracy.
Manage security more easily, with bulk actions for operations like canceling scans, or launching quick scans.
Specify crawl maximum link depth, reported vulnerabilities, fast versus exhaustive results, and more.
Use preset scan modes ranging from Lightweight to Deep, or create your own custom scan configurations.

Integration Features

Integrate with any CI/CD platform. See vulnerabilities right in your development environment.
Track issues with Jira, GitLab, and Trello. Auto ticket generation, severity / confidence level triggers, and unlimited boards.
Integrate scanning and security reporting into your own management and orchestration systems.
Initiate, schedule, cancel, update, and work through your scans, to get the exact data you need, with a GraphQL API.
Tailor Burp Scanner to your exact requirements, by writing your own extensions, or by downloading them from the BApp Store.
Enable users to log in easily - with a variety of SSO options (SAML or LDAP, as well as SCIM). Integrate with any identity provider - including ADFS, Okta, or Active Directory.
Choose from an on-premise deployment with an interactive installer, a Kubernetes deployment, or a cloud-based instance.
Multi-user, role-based functionality for site hierarchy, scan detail and reporting. Give everyone control.
Manually integrate configurations from Burp Suite Pro, directly into your fully automated Enterprise environment.

Reporting Features

Every issue Burp Scanner finds comes with actionable remediation advice from PortSwigger Research and the Web Security Academy.
Graphical dashboards allow you to view bugs by severity or type. See security posture for all or just part of your organization.
Get reports emailed to the right members of your team, to tailor your communications effectively.
Export tailored HTML reports. Include any level of detail, severity, and confidence you require.
View deltas and other changes to visually represent your security posture's evolution. Know your attack surface.
Metrics include changes by issue type and severity. See when and where bugs were introduced.
Organize issues by their class at the touch of a button. Focus on the vulnerabilities you want to fix.
Almost all features can be controlled through an intuitive, attractive UI. This opens security up to everyone.
Check for vulnerabilities relevant to the PCI DSS standard and 2021 OWASP Top 10, across your whole web portfolio.

"The scanning engine is loaded with modern vulnerability detection engines. Sophisticated attacks are identified with ease with a detailed explanation. The ability to reproduce the issue using the proof of concept from the results provides a detailed level of understanding and the corresponding fix."

Source: Application Security Engineer, Global 500 Insurance Company, TechValidate survey of PortSwigger customers