Burp Suite Enterprise Edition plans

We host. No installation required. You host in your own environment. Learn more

Run scans quickly and easily with Burp Suite Enterprise Edition, hosted in PortSwigger's secure cloud. No requirements for provisioning infrastructure, installing software, and paying for running costs. Focus on locating and remediating vulnerabilities so you can maintain the ongoing security of your web application portfolio.

If you have a requirement to scan internal, non-public-facing applications, self-hosted local scanning resources can be connected to your Cloud instance as needed.

Standard instance (on-premise, virtual machines, public cloud e.g. AWS) - An installer-based deployment of Burp Suite Enterprise Edition, either on single-machine or multi-machine architecture, depending on the scanning requirements of your organization. Scale the number of concurrent scans as your application portfolio grows, integrate with existing security workflows, automate comprehensive vulnerability scans, and provide actionable insights for remediation.

Kubernetes instance - Easily deploy Burp Suite Enterprise Edition to any Kubernetes cluster via a Helm chart. This enables auto-scaling of scanning resources, which can help to reduce infrastructure costs and maintenance effort - especially for larger deployments.

Pay as you scan

  • Usage-based pricing
  • Unlimited applications
  • Unlimited users

$3,600 $1,999

Per year

+ $25 per hour scanned

+ $9 per hour scanned

Ideal for organizations just beginning their security journey

See the full breakdown


  • Choose your concurrent scan limit
  • Unlimited applications
  • Unlimited users

$54,990* $19,121*

Per year

*based on 10 concurrent scans

*based on 20 concurrent scans

Ideal for organizations that know their scanning requirements

See the full breakdown


  • Unlimited concurrent scans
  • Unlimited applications
  • Unlimited users

$249,999 $49,999

Per year

Ideal for organizations with DevSecOps requirements

See the full breakdown
How many concurrent scans do I need?

It all depends on the size of your organization, and how secure you aim to be.

Companies with large web portfolios that they need to scan frequently will need more scanning resources than small companies just starting out with automated scanning.

Unlike most automated web vulnerability scanners, Burp Suite Enterprise Edition scans can be assigned and reassigned across any websites, applications, or URLs.

Included with every subscription

Every plan is fully-featured. That means no application limits - and unlimited users.

  • 1 Burp Suite Enterprise Edition server
  • Unlimited users
  • Proven Burp Suite scanning engine with browser-powered scanning
  • Single-sign on and role-based access controls
  • Scheduled, recurring, and triggered scans
  • Technical support with 24 hour SLA
  • Comprehensive technical documentation and tutorial videos
  • Summary dashboard and reporting
  • Reassign scans to suit your requirements
  • REST and GraphQL APIs
  • CI/CD platform integration
  • Bug and ticket systems - e.g. Jira
  • Out-of-the-box scan configurations
  • API scanning
  • Recorded login sequences

Need help?

Get in touch to discuss our plans and your requirements in more detail.

Contact us