DASTProfessional

Custom scan configurations

• Last updated: August 28, 2025

• Read time: 2 Minutes

Both Burp Suite DAST and Burp Suite Professional enable you to use custom scan configurations, giving you fine-grained control over Burp Scanner's behavior. You can use custom configurations in several ways:

• Use one of the configurations from the configuration library.
• Create an entirely new configuration.
• You can import a configuration from another installation of Burp Suite DAST or Burp Suite Professional.

Scan configuration structure

There are two options that can feature in a custom scan configuration:

• Crawl options control Burp Scanner's behavior during the crawl phase of the scan. This enables you to specify details such as the maximum crawl length and how errors are handled when crawling.
• Audit options control Burp Scanner's behavior during the audit phase of the scan. This enables you to specify details such as the types of issues reported and the insertion point types used.

The crawl and audit options are virtually identical for both Burp Suite Professional and Burp Suite DAST. The scan configurations themselves vary slightly in structure between the two products:

• Burp Suite Professional scan configurations can either contain crawl or audit options, but not both. To specify both crawl and audit options in Burp Suite Professional, you need to create and select separate configurations.
• Burp Suite DAST scan configurations can contain both crawl and audit options. These configurations have additional options, some of which are unique to Burp Suite DAST.

Combining custom configurations

Both Burp Suite DAST and Burp Suite Professional enable you to combine custom configurations together in a list. This includes built-in configurations, and any custom configurations that you create. Combining scan configurations enables you to tune Burp Scanner's behavior for certain sites and use cases.

Setting scan configurations for folders

In Burp Suite DAST, you can set scan configurations for folders, subfolders, and sites. Subfolders and sites inherit the scan configurations from their parent folders. To learn how these scan configurations are combined by Burp Scanner, see Defining the scan configuration for a folder.