Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Burp Suite Enterprise Edition

Classic - Overview

Flexibility to suit your organizations application portfolio

humans using burp suite enterprise for classic

How does it work?

When you subscribe using the Classic option, you start by defining how many applications you would expect to scan simultaneously within any period (concurrent scans). This number is generally selected upfront based on the predicted requirement and can be adjusted as needed throughout your contract.

As with every Burp Suite Enterprise Edition subscription, there's no limit to the number of domain names/URLs you can scan or the number of users you can add. The scan results you produce all come with actionable remediation advice - so you don't need to be a security expert to fix the vulnerabilities you find.

If you have any questions about Enterprise Edition's Classic model, our team are happy to help. Get in touch with them at hello@portswigger.net.

burp suite enterprise edition subscription models classic

An asset to any Application Security team

Our longest-standing subscription option has been a staple for many organizations since the release of Burp Suite Enterprise Edition. Classic is usually the best option if you have regular scanning requirements and have a clear view of how many applications and how often you need to scan them.

"The ideal option for organizations with regular scheduled scanning requirements"

PortSwigger hosted - Classic subscription price breakdown

To demonstrate how Classic can save you money on your Burp Suite Enterprise Edition subscription, we've created an illustrative example. All the prices referred to here are available on Burp Suite Enterprise Edition's Pricing page.

Imagine that your organization has twenty critical web applications that it needs to scan to ensure application security visibility. Generally, organizations using Burp Suite would scan any critical web applications at multiple times per month. Here, we'll take this as a benchmark.

For the sake of this example, let's assume that all of your web applications are reasonably complex, and that it takes Burp Suite Enterprise Edition two hours to perform a deep scan of each one.


Classic subscription breakdown

PAYS subscription breakdown

Type Fixed

Classic subscription breakdown $9,999 - 1 year Classic subscription (including 1 concurrent scan).

PAYS subscription breakdown $3,600 - 1 year Pay as you scan subscription

Type Variable

Classic subscription breakdown


  • 4 additional concurrent scans
  • $4,999 per additional concurrent scan

Total: $19,996

PAYS subscription breakdown


  • 1440 hours of total annual scan time
  • 20 applications
  • 2 hours per scan ($25 per hour)
  • 3 scans per month per application

Total: $36,000

Type Total

Classic subscription breakdown $29,995

PAYS subscription breakdown $39,600

"For regular scanning, Classic provides much better value for money then usage based models"

Summary - save money when you have well-defined scanning requirements

The example above demonstrates that if your scanning requirements are mature, Burp Suite Enterprise Edition's Classic subscription option will likely be the most cost-effective. This will be ideal in many scenarios where organizations use dynamic (DAST) scanning to help achieve compliance or have well-defined application security needs.

Classic includes excellent features that every Burp Suite Enterprise Edition subscription comes with as standard. You can scan whichever domain names / URLs you want (without "locking in" certain ones) and add unlimited users.

Contact our team using the option below to learn how to license Burp Suite Enterprise Edition with the Classic subscription option.