Frequently asked questions

Burp Suite Enterprise Edition is an automated web vulnerability solution, designed to enable enterprises to scale scanning across their web portfolios.

Burp Suite Enterprise Edition scales dynamic vulnerability scanning across your entire web portfolio, by:

• Scheduling scans to run on a recurring basis. With a range of out-of-the-box scan configurations you can set up scans with a simple point-and-click. All Burp Suite Enterprise Edition needs is a URL.

• Embedding dynamic scans into the software development lifecycle (SDLC). It integrates into CI/CD toolchains and adds critical vulnerabilities to bug tracking systems, such as Jira, so that software development teams can handle critical security vulnerabilities like any other bug.

• Delivering rich reporting so that your organizations can access your security posture in real-time across your entire web application estates. Role-based access control ensures the right people can see security posture for the whole or part of the organization for which they're responsible.

Burp Suite Enterprise Edition is different from any other automated web vulnerability scanner.

• Burp Suite Enterprise Edition leverages the same tried, tested, and trusted Burp Scanner that is used in our Burp Suite Professional product, which is used by over 50,000 security engineers protecting the world's largest organizations.

• We enable you to scan it all! Near infinite scalability means you don't have to prioritize which web application you scan based on time or budget constraints. You don't pay per URL, making it an extremely flexible solution for growing enterprises.

• Advance your security posture as you move toward DevSecOps with out-of-the-box and custom connections to CI/CD and bug tracking systems, letting you build security into every step of your SDLC. By scanning for vulnerabilities early and frequently, you can eliminate the headaches of late testing.

Burp Suite Enterprise Edition is used by over 550 organizations globally including some of the world's largest corporations. This includes companies like Cisco, Wells Fargo, Fidelity, PayPal and NASA. To learn more about who uses Burp Suite Enterprise Edition and the benefits they achieve, read our Customer Success Stories.

Burp Suite Enterprise Edition is used both by companies with secure application security practices and those that haven't previously had much investment in application security.

This includes many of the largest companies in the world and medium-sized companies that are looking to protect their business.

Organizations with mature application security practices use Burp Suite Enterprise Edition to free their AppSec team's time, better support software development, and achieve DevSecOps.

Organizations that don't have AppSec teams and have typically relied on infrequent external penetration testing, are using Burp Suite Enterprise Edition to implement regular, recurring vulnerability scans across their portfolio. The product is helping them to reduce the cost of penetration testing processes and reduce the risk of being hacked.

Burp Suite Enterprise Edition is a separate product to Burp Suite Professional.

Burp Suite Enterprise Edition enables companies to automate dynamic scans across their entire web portfolios. With Burp Suite Enterprise Edition, you can schedule scans to run on a regularly recurring basis and integrate them, via CI, directly into software development processes. This degree of automation enables you to scan it all!

Burp Suite Enterprise Edition is designed to serve all users, including Application Security practitioners and those that aren't web security experts, including software teams, CISOs, and other stakeholders. As such, PortSwigger launched Burp Suite Enterprise Edition to make sure the product was accessible and appropriate for these users.

Burp Suite Professional, by contrast, is the leading toolkit for Application Security Testing. It is used by web security practitioners including penetration testers, security engineers, and bug bounty hunters, to test, find, and exploit vulnerabilities.

To see the differences between Burp Suite Enterprise Edition and Burp Suite Professional, visit our product comparison page.

At PortSwigger, we aim to enable the world to secure the web. One way to achieve this is by offering Burp Suite Enterprise Edition at an accessible and scalable price point. Unlike other scanners that charge per web application, Burp Suite Enterprise Edition is priced based on the number of concurrent scans you need to run (your concurrent scan limit). Concurrent scans can be assigned and reassigned to as many URLs as you need.

At any time during your license period, you can also add more concurrent scans to your subscription, which are charged pro-rata, to scale to your scanning needs.

For additional information on pricing, check out our Orders and Licensing FAQs.

If you want a quick quotation and you know how many concurrent scans you need, you can generate your own quotation here: Calculate your quote today.

To further simplify the introduction of Burp Suite Enterprise Edition into your organization, you can share this introduction letter with your decision makers.

If you need help determining the right number of concurrent scans for your business, or you'd like support in your evaluation and purchase, please get in touch with our customer happiness team today, on hello@portswigger.net.

If you are running a single deployment of Burp Suite Enterprise Edition, you will only need one license, regardless of how many concurrent scans you require.

If you want to run Burp Suite Enterprise Edition in multiple environments, you will need to purchase a separate license for each environment. This applies to test, development, or staging environments, for example.

If you'd like support with understanding your licensing requirements, please get in touch with our customer happiness team today, on hello@portswigger.net.

No, you do not need to buy professional services to implement Burp Suite Enterprise Edition. We provide great customer and technical support to over 13,000 organizations worldwide.

We have two fantastic and dedicated support teams, who are on a mission to help you get started and see maximum value throughout your Burp Suite experience.

Technical support provides web-based support with a 24-hour (Monday to Friday) SLA. Our Customer Happiness team can help you make the most of Burp Suite Enterprise Edition.

Learn more about how we can support you.

Read through our preparation guidelines to learn more about the technical requirements and deployment options for Burp Suite Enterprise Edition.

We are investing in Burp Suite Enterprise Edition and regularly release new versions.

See our Release Notes for new features and updates already in the product, or check out the Product Roadmap to learn about what is coming next.

We are here to help. For additional information you can visit our Support Center, access technical documentation or get in touch with our Customer Happiness team at hello@portswigger.net. We look forward to speaking with you.