Last updated: May 17, 2022
You can click on any site to view more details. Within a site, the following tabs are available.
The site-level dashboard shows various metrics specific to the site. For example, you can see the current status of scans for the selected site, as well as trend charts for the most recent scans so you can keep track of how your security posture is improving over time.
The New and resolved issues chart shows the number of issues that are new, resolved, and regressed as compared to the previous scan. This enables you to monitor your progress over time.
You can hover over different areas of the charts to get more information. Clicking on some of them allows you to drill down into the results. For example, clicking on an issue severity in the Current issues chart opens the Issues tab, filtered based on the selected severity. To download charts in PNG format, click the three vertical dots in the upper-right corner of the chart.
The Scans tab shows a list of scans that have been performed on the site. This includes key information, such as the current status of each scan and how many issues were found by this scan for each severity level. You can click into each scan to open the scan details.
Depending on your permissions, you can also perform the same actions on scans as you can from the main Scans page.
The Scheduled scans tab allows you to create or edit a scheduled scan.
The Issues tab shows all issues from the latest scan of the site. Issues are grouped by their type. The number next to each issue indicates the number of instances of this issue type that were found. You can expand any issue type to see the individual URLs where this issue type was found.
Clicking the URL opens the issue details page, which provides an issue description, remediation advice, and the HTTP request and response where the issue was found. You can also mark the issue as a false positive.
You can download the issues list as a CSV file in order to continue analyzing the data in another application, for example.
The Details tab lets you view and edit the site's configuration, such as which folder it belongs to, which URLs are included, and so on. The following details are displayed:
Site details shows the following information:
- Details of the folder the site is in, if applicable.
- The URL of the site.
- The scanning machine pool that the site is assigned to.
Advanced settings shows you which URLs are included in the site scans, and which are excluded:
- Include URLs is a list of URLs that belong to the site. They are scanned along with the main URL.
- Exclude URLs is a list of URLs that you want scans of the site to skip.
This setting shows you which protocols are used when scanning your site's URLs. It can be set to scan all URLs using HTTP and HTTPS, or to use protocols that you specify. Any URLs for which no protocol is specified are scanned using HTTP and HTTPS.
Application logins shows you the login credentials for the site.
Default scan configurations
Burp Suite Enterprise Edition allows you to choose from a list of built-in scan configurations, or even to create custom configurations. This field shows you which scan configuration is selected. If no configuration is selected, the scanner will use its default settings.
If you apply an extension, it will be used during all scans of the site. This enables you to implement additional, custom capabilities, such as new scan checks. You can only select extensions that have been added to your organization's extension library.
Send scan notifications to Slack
This field shows you if you have any Slack notifications set up for the site.