Frequently asked questions

Burp Suite DAST is an automated web vulnerability solution, designed to enable enterprises to scale scanning across their web portfolios.

Burp Suite DAST scales dynamic vulnerability scanning across your entire web portfolio, by:

• Scheduling scans to run on a recurring basis. With a range of out-of-the-box scan configurations you can set up scans with a simple point-and-click. All Burp Suite DAST needs is a URL.

• Embedding dynamic scans into the software development lifecycle (SDLC). It integrates into CI/CD toolchains and adds critical vulnerabilities to bug tracking systems, such as Jira, so that software development teams can handle critical security vulnerabilities like any other bug.

• Delivering rich reporting so that your organizations can access your security posture in real-time across your entire web application estates. Role-based access control ensures the right people can see security posture for the whole or part of the organization for which they're responsible.

Burp Suite DAST is different from any other automated web vulnerability scanner.

• Burp Suite DAST leverages the same tried, tested, and trusted Burp Scanner that is used in our Burp Suite Professional product, which is used by over 50,000 security engineers protecting the world's largest organizations.

• We enable you to scan it all! Near infinite scalability means you don't have to prioritize which web application you scan based on time or budget constraints. You don't pay per URL, making it an extremely flexible solution for growing enterprises.

• Advance your security posture as you move toward DevSecOps with out-of-the-box and custom connections to CI/CD and bug tracking systems, letting you build security into every step of your SDLC. By scanning for vulnerabilities early and frequently, you can eliminate the headaches of late testing.

Burp Suite DAST is used by over 550 organizations globally including some of the world's largest corporations. This includes companies like Cisco, Wells Fargo, Fidelity, PayPal and NASA. To learn more about who uses Burp Suite DAST and the benefits they achieve, read our Customer Success Stories.

Burp Suite DAST is used both by companies with secure application security practices and those that haven't previously had much investment in application security.

This includes many of the largest companies in the world and medium-sized companies that are looking to protect their business.

Organizations with mature application security practices use Burp Suite DAST to free their AppSec team's time, better support software development, and achieve DevSecOps.

Organizations that don't have AppSec teams and have typically relied on infrequent external penetration testing, are using Burp Suite DAST to implement regular, recurring vulnerability scans across their portfolio. The product is helping them to reduce the cost of penetration testing processes and reduce the risk of being hacked.

Burp Suite DAST is a separate product to Burp Suite Professional.

Burp Suite DAST enables companies to automate dynamic scans across their entire web portfolios. With Burp Suite DAST, you can schedule scans to run on a regularly recurring basis and integrate them, via CI, directly into software development processes. This degree of automation enables you to scan it all!

Burp Suite DAST is designed to serve all users, including Application Security practitioners and those that aren't web security experts, including software teams, CISOs, and other stakeholders. As such, PortSwigger launched Burp Suite DAST to make sure the product was accessible and appropriate for these users.

Burp Suite Professional, by contrast, is the leading toolkit for Application Security Testing. It is used by web security practitioners including penetration testers, security engineers, and bug bounty hunters, to test, find, and exploit vulnerabilities.

To see the differences between Burp Suite DAST and Burp Suite Professional, visit our product comparison page.

In order to get a quote for your business, or if you'd like to evaluate Burp Suite DAST, please get in touch with our customer happiness team today, on hello@portswigger.net.

To simplify the introduction of Burp Suite DAST into your organization, you can share this introduction letter with your decision makers.

If you are running a single deployment of Burp Suite DAST, you will only need one license.

If you want to run Burp Suite DAST in multiple environments, you will need to purchase a separate license for each environment. This applies to test, development, or staging environments, for example.

If you'd like support with understanding your licensing requirements, please get in touch with our customer happiness team today, on hello@portswigger.net.

No, you do not need to buy professional services to implement Burp Suite DAST. We provide great customer and technical support to over 13,000 organizations worldwide.

Our support teams are on a mission to help you get started and see maximum value throughout your Burp Suite experience.

Learn more about how we can support you.

Read through our preparation guidelines to learn more about the technical requirements and deployment options for Burp Suite DAST.

We are investing in Burp Suite DAST and regularly release new versions.

See our Release Notes for new features and updates already in the product, or check out the Product Roadmap to learn about what is coming next.

We are here to help. For additional information you can visit our Support Center, access technical documentation or get in touch with our Customer Happiness team at hello@portswigger.net. We look forward to speaking with you.