ENTERPRISE

Run your first scan

  • Last updated: September 9, 2022

In Burp Suite Enterprise Edition, you create "sites" to represent any websites or web applications that you want to scan. An onboarding wizard helps you to add your first site and then run a scan on it. We've provided a live, deliberately vulnerable website for you to scan so that you can follow along with this tutorial.

Step 1: Add your first site

The first step of the onboarding wizard prompts you to add your first site. Start by giving it a name. This can be anything you like, but let's go with Vulnerable Website for this example.

Adding a new site

The Site URL is the URL from which all scans of this site start. Any sub-paths of the URL are included in the scope of the scan by default. Enter vulnerable-website.com. This is a demo website with a few intentional vulnerabilities.

Note

Using Burp Scanner may have unexpected effects on some applications. Until you are fully familiar with its functionality and settings, you should only run scans against non-production systems. Do not run scans against third-party websites unless you have been authorized to do so by the owner.

For the scan configuration, you can choose from four preset modes that let you adjust the balance of speed and coverage. For this scan, let's select Lightweight. The lightweight mode completes within 15 minutes.

Leave all the other options as their defaults and click Next: Create a scan.

Step 2: Schedule a scan

You're now presented with various options for scheduling and configuring a scan of the site. Leave all of the options as their defaults and click Finish. This schedules a one-off scan to run immediately.

Note

You can easily return to your site to set up regular scheduled scans. For more information, see Managing scheduled scans.

Step 3: Monitor the scan's progress

To monitor the scan's progress, click View my scans. You can then see your scan and some basic information about it, including the current status. While the scan is being initialized, the status shows as Queued.

A minute or two after the scan begins running, color-coded icons appear in the Issues column. These indicate the number of security issues found by the scan for different severity levels.

Monitoring the scan's progress

Step 4: View more details

You can click on the individual scan to view more details about it. On the Timeline tab, you can monitor the scan progress and see an estimate of the time remaining. You can also see issues as they're discovered in real time. Use the Issues tab to see more details about an issue. We'll look closer at this tab in the next tutorial, once the scan has finished.

Viewing the progress bar

Next step - Analyze the results of your scan
