The quick scan of the dummy site should only take a few minutes to run. The scan results are updated in real time while the scan is running. Once it's finished, the status will change to "Completed". Now that you have some results, we can take a look and see what the scan managed to find.
You can find scan results in a few different ways. The "Sites" page shows an overview of how many issues of each severity were found for each site. This is the total of all scans on that site. The "Scans" page shows the same information, but broken down into the issues found by each individual scan.
To drill down into the scan results and analyze the data properly, click on a scan to open the scan details page.
You can see a list of all issues found by the scan on the "Issues" tab. Issues are grouped by their type. You can select various filter options to show issues based on their severity, confidence level, and whether they are new or regressed issues.
If only one issue was found of a particular type, you can click on the issue type to view the more details. If multiple issues were found of this type, you need to expand the issue type and click on the URL where the issue was found. Let's take a look at one of the issues from our dummy site.
The "Scanned URLs" tab provides another entry point for analyzing scan results. You can see each URL path that was scanned and investigate any errors that occurred at a given URL. The "More details" tab shows key information about the scan itself.
As with any automated scanning tool, occasionally issues will be highlighted that, after manual inspection, you might decide are not relevant after all. You can mark issues as false positives so that they are removed from any statistics and reports that you generate in Burp Suite Enterprise Edition.
Once you've run several scans for a site, the dashboards will show various charts and metrics about your security posture. The home page shows a dashboard to give you an overview of your entire range of sites and scans, but individual folders and sites also have their own dashboards to show more granular data.
Some of the charts in the dashboards are interactive, so you can hover the mouse over them to see more information. You can even click on them to drill down into the data and navigate directly to the relevant page for investigating further.
By clicking the three dots in the upper-right corner of a chart, you can also choose to download it in either
You have now completed the basic setup of your Burp Suite Enterprise Edition trial and seen how to add sites and create scans. The next step is to add some of your own sites to scan. Or, if you'd prefer, we've provided some more dummy sites that you can use for testing:
Once you're confident with the basic workflow, you can move on to some of the additional steps to configure your trial to be as close to your real use cases as possible.