Burp Suite Enterprise Edition user guide
Last updated: October 31, 2024
Welcome to the Burp Suite Enterprise Edition user guide. This guide explains how to set up users, sites, and scans so that you can get your scanning workflow up and running. It also gives a comprehensive overview of Burp Suite Enterprise Edition's other features, including CI/CD integration, issue tracking, and more.
Note
This guide assumes that you have already set up Burp Suite Enterprise Edition and have access to the UI. If your organization has not yet set up Burp Suite Enterprise Edition, see Setting up Burp Suite Enterprise Edition.
Getting started with Burp Suite Enterprise Edition
Before you can get scanning, there are a few things you'll need to configure. Follow the steps below to get up and running:
Step 1: Set up your users
Managing permissions in this way makes it easy for you to give users the access they need. For example, you could set up separate roles for your security, IT infrastructure, and management teams, each with their own combination of permissions.
Step 2: Add the sites you want to scan
All Burp Suite Enterprise Edition scans require a target site. You can configure a wide range of settings to determine how each of your sites should be scanned, including:
Which of the site's URLs should be scanned and which (if any) should be excluded from scans.
The login mechanisms Burp Scanner should use to access your site.
Whether Burp Suite Enterprise Edition should send any automated notifications when scanning the site.
You can set up unlimited sites at no additional cost.
Step 3: Set up a scan configuration
In Burp Suite Enterprise Edition, a scan configuration is a set of predefined settings that determine how scans should be performed on a particular site. For example, a scan configuration can specify the maximum link depth of the crawl, or what types of issues to report.
You can either select a predefined scan configuration or create your own for each of your sites.
Step 4: Schedule your scans
Scheduling regular scans is the best way to see changes in your security posture and identify areas for improvement. Scans that run at set intervals with the same configuration are easier to compare than one-off scans. They help you to see how changes to your sites affect the vulnerabilities you find.
You can set up unlimited sites and run unlimited scans in Burp Suite Enterprise Edition at no extra cost.
Step 5: View scan results
Burp Suite Enterprise Edition makes it easy for you to track your scanning progress over time. You can also view details of individual issues, and raise tickets in third-party issue tracking systems if you have set up the relevant integrations.
What else can I do with Burp Suite Enterprise Edition?
Burp Suite Enterprise Edition offers a wide range of additional features, enabling you to: