Your agentic AI partner in Burp Suite - Discover Burp AI now           
Read More
Portswigger Logo
Burp Suite DAST The enterprise-enabled dynamic web vulnerability scanner.
Burp Suite Professional The world's #1 web penetration testing toolkit.
Burp Suite Community Edition The best manual tools to start web security testing.
View all product editions
Burp Scanner Burp Suite's web vulnerability scanner Featured Article
Attack surface visibility Improve security posture, prioritize manual testing, free up time.
CI-driven scanning More proactive security - find and fix vulnerabilities earlier.
Application security testing See how our software enables the world to secure the web.
DevSecOps Catch critical bugs; ship more secure software, more quickly.
Penetration testing Accelerate penetration testing - find more bugs, more quickly.
Automated scanning Scale dynamic scanning. Reduce risk. Save time/money.
Bug bounty hunting Level up your hacking and earn more bug bounties.
Compliance Enhance security monitoring to comply with confidence.
View all solutions
Burp Scanner Burp Suite's web vulnerability scanner Featured Article
Research Academy
Support Center Get help and advice from our experts on all things Burp.
Documentation Tutorials and guides for Burp Suite.
Get Started - Professional Get started with Burp Suite Professional.
Get Started - Enterprise Get started with Burp Suite Enterprise Edition.
User Forum Get your questions answered in the User Forum.
Downloads Download the latest version of Burp Suite.
Visit the Support Center
Downloads Download the latest version of Burp Suite Featured Article
Product Overview Request a demo Pricing
Explore Burp Suite DAST
Resources
Prepare to set up
Product Overview
Burp Suite DAST

Scale your AppSec, unburden your security team

Automated DAST scanning without limits. Built on the Burp technology your security teams already trust.
Built on the same battle-hardened Burp Suite technology your security teams already trust.
Seamlessly scale your AppSec, making better use of your manual testers' time and expertise.
Secure your apps and APIs across the SDLC, before they hit production.
Portswigger Culture Hero Image

"By partnering with PortSwigger and adopting Burp Suite's DAST solution, we are able to satisfy regional security requirements across multiple countries at scale, through automation, and with the lowest false positives."

Source: Alijohn Ghassemlouei, Senior Director of Engineering, Sovereign Cloud at SAP.
image

Secure your whole web portfolio

Scale without resource limitations. Automate trusted dynamic scans right across your portfolio.
image

Integrate security with development

Remove bottlenecks. Integrate dynamic scanning, see fewer false positives, and avoid alert fatigue.
image

Free time for AppSec to do more

Contribute without constraining development. DevSecOps frees AppSec time to do more.
image

Secure your whole web portfolio

Set up with ease, report with simplicity

Perform recurring dynamic (DAST) scans across thousands of sites. Use bulk actions to manage scanning at scale, or set sites up individually; all you need is a URL.

Make your security posture visible

Intuitive dashboards help to identify trends over time. Get scan reports by email, export to other tools, and produce reports for individual compliance standards.

DevSecOps integration

Easy integration with any CI/CD platform, native support for Jira, GitLab, and Trello, and a rich GraphQL API - to easily incorporate security within your existing software development processes.

Reduce risk without increasing costs

Subscription options that enable companies of any size to scan at scale. Maximum ROI - with no strings attached.
Portswigger Culture Hero Image
image

Integrate security with development

Set up with ease, report with simplicity

Perform recurring dynamic (DAST) scans across thousands of sites. Use bulk actions to manage scanning at scale, or set sites up individually; all you need is a URL.

Make your security posture visible

Intuitive dashboards help to identify trends over time. Get scan reports by email, export to other tools, and produce reports for individual compliance standards.

DevSecOps integration

Easy integration with any CI/CD platform, native support for Jira, GitLab, and Trello, and a rich GraphQL API - to easily incorporate security within your existing software development processes.

Reduce risk without increasing costs

Subscription options that enable companies of any size to scan at scale. Maximum ROI - with no strings attached.
Portswigger Culture Hero Image
image

Free time for AppSec to do more

Free time to eliminate vulnerabilities

Always-on scanning keeps your reports up to date. Prioritize vulnerabilities using filters to deal with them effectively.

Work with Burp Scanner

Gold standard scanning, powered by PortSwigger Research  and trusted at over 17,000 organizations worldwide. With remediation for every vulnerability you find, it's designed to scan the modern web.

Customize and control

Take control with custom scan configurations and Burp extensions (BApps) - to help you hunt down even the trickiest bugs while minimizing false positives.
Portswigger Culture Hero Image
image

Powered by Burp Suite technology trusted at over 17,000 organizations worldwide

The same Burp Scanner you know and love - scaled for the enterprise. Driven by PortSwigger's world-leading cybersecurity research team, it can find everything from classic bugs to the very latest vulnerabilities.

Burp Scanner's dynamic (DAST) approach maximizes coverage, while minimizing false positives, without the need to instrument code. In fact, it's capable of finding many critical vulnerabilities that even an experienced manual tester could miss.
image

"Burp Suite DAST frees our AppSec team to spend their time where it's most valuable."

Source: Customer case study - California Polytechnic State University
image Autotrader image image image

Features

Pricing

Resellers