New feature
Burp Scanner will check for a number of security vulnerabilities relating to JSON Web Tokens (JWT).
Feature enhancement
New dashboard widgets providing additional data and views. We will also provide new ways of configuring and sharing dashboards.
Feature enhancement
Integration of GitHub issue tracking with Burp Suite Enterprise Edition, to sit alongside existing integrations with other issue tracking systems.
Feature enhancement
Make config changes at folder level, as a bulk action in the UI. Reconfigure all the sites in a particular folder - for scan configuration, scanning machine pools, extensions used, etc.
New feature
New deployment options based around the use of Docker will greatly simplify the use of browser-powered scanning on Linux.
Feature enhancement
Replay and view recorded login (authenticated scanning) sequences executed during scans, to check for issues during the login process.
Feature enhancement
Addition of support for popup page elements when using Burp Scanner's recorded login (authenticated scanning) feature.
New feature
Burp Scanner will automatically audit in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.
New feature
Following on from Burp Suite Enterprise Edition's Kubernetes deployment, which features automatic scaling of scan resources, we will introduce hourly metered billing.
Feature enhancement
Fine-tuning of Burp Scanner, to optimize its performance when scanning sites built using React or AngularJS.
Feature enhancement
Further optimized performance in default settings - to enable faster scans without compromising coverage.
Done
Burp Suite Enterprise Edition now has a Kubernetes deployment option available, using a Helm chart. This enables auto-scaling of scanning resources.
Done
Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning. Enabled by default.
Done
Burp Scanner can now detect injection into a wider range of templating engines, and will employ OAST techniques to detect blind SSTI.
Done
We have improved the placement and encoding of scan payloads within JSON and XML data structures.
Done
Burp Scanner now detects and interacts with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.
Done
Ensure scans are carried out using the most suitable scanning machines - based on network location, system resources, or other factors.
Done
Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.
Done
Display scanned URLs as a tree, to make site structure easier to see. We've also improved navigation through the UI, as well as product look and feel.
Done
Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.
Done
Burp Scanner can now report new classes of HTTP/2-specific vulnerabilities.
Done
Burp Suite Enterprise Edition now supports issue tracking integration using Slack, Trello, and GitLab.
Done
By popular demand, you can now customize Burp Suite Enterprise Edition using extensions.
Done
Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.
Done
Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.
Done
View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.
Done
Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and scanning machine management.
Done
Burp Scanner now handles navigational actions that cause DOM updates without a synchronous request to the server, allowing better handling of single-page applications.
Done
Report scan results against compliance frameworks - such as PCI DSS, OWASP Top 10, etc.
Done
We now provide support for user management via SCIM (System for Cross-domain Identity Management), for integration with Okta and OneLogin.
Done
You can now import sites from CSV files, apply scan configurations and application logins across a group of sites, and cancel/delete selected scans - all through the UI.
Done
Support for site-driven scans within CI/CD plug-ins - and the ability to download end of scan reports. Set parameters for determining when a build fails.
Done
Enable single sign-on via Active Directory using SAML, in addition to the previously existing single sign-on functionality using LDAP.
Done
Streamline post-scan tasks by downloading detailed scan reports, automating email function for end-of-scan summary reports, and automating Jira ticket creation.
Done
Extensive UI upgrades have been introduced, including navigation changes, overall look-and-feel, and more intuitive in-product workflows.
Done
Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.
We use Burp Suite Enterprise Edition because of the ease of use, the cost, the straightforward implementation, the useful results, and the accuracy - results when compared to more expensive tools are very similar. Source: TechValidate survey of PortSwigger customers
Douglas R. Lomsdalen
CISO