Create a quick scan
In the next step of the wizard, you will be prompted to schedule a scan of the site you just created. Let's create a quick, one-time scan of the site so that we have some results to work with.
- Select the relevant options to start the scan "As soon as possible" and "Run once".
- Notice that the default scan configuration that you set when creating the site is already selected. If you wanted to create a different type of scan, you could replace or add to this configuration. For now, we'll just leave the default "Crawl strategy - fastest".
- When you're done, click "Finish". The initial setup is complete and your quick scan should already be running. You have various options of what you can do next, but for now, click "View my scans" to open the "Scans" page.
- You should see your new scan in the list. Initially, the status might say "Waiting for agent", but after a few seconds this should change to "Scanning".
Before we create a second scan, let's take a moment to talk about what an "agent" is. In Burp Suite Enterprise Edition, your automated scans are performed by virtual entities known as "agents". Each agent can only perform a single scan at a time. Therefore, to perform multiple scans simultaneously, you need multiple agents. You don't need to worry too much about this for now. All you need to know is that once you schedule a scan, it will be performed by the next free agent. Your trial license includes 30 agents automatically, which means you'll be able to perform up to 30 concurrent scans once you assign them to machines.
As we only need one agent for the moment, we'll talk about assigning more agents later.
Schedule a recurring scan
While we wait for the quick scan to finish, let's set up a recurring scan. Recurring scans are useful for generating plenty of data so that you can keep track of how your security posture is improving over time. Let's schedule a more thorough daily scan of our dummy site.
- On the "Scans" page, in the upper-right corner, click the "New scan" button to open the scan creation page. Alternatively, you can select "Scans" > "Create a new scan" from the navigation bar at the top of the screen.
- Under "Site", select the dummy site that we created earlier.
- Select the relevant options to schedule the scan for 12:00 AM and to repeat the scan every day. Leave the default option to repeat the scan indefinitely.
- Under "Scan configurations", the default scan configuration is still selected. This time, we want to override this to create a more thorough scan. Hover the mouse over "Crawl strategy - fastest" and click the delete icon that appears.
- From the drop-down list, select both "Audit coverage - maximum" and "Crawl strategy - most complete".
- When you're done, click "Save". You have now scheduled a detailed scan to run at midnight every night.
On the "Scans" page, the recurring scan should appear in the list with the status "Scheduled". Later, you can create a similar scan for your own sites so that every morning you will have the results of the scan ready to analyze. For example, you can see how many issues the developers were able to resolve the previous day.
By now, the quick scan might also have finished.
Once your scan has finished, you can move on to processing the results.