Burp Suite Enterprise Edition

Product roadmap

We've got big plans for the road ahead - and we're sure you do too.

Roadmap for Burp Suite Enterprise Edition

Burp extensions

New feature

By popular demand, customize Burp Suite Enterprise Edition using over 250 BApp extensions including custom builds.

Bulk operations

New feature

Import sites from CSV files, apply scan configurations and application logins across a group of sites, and cancel/delete selected scans - all through the UI.

Browser-powered scanning by default

New feature

Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning. Enabled by default.

Improved SPA scanning

Feature enhancement

Burp Scanner will handle navigational actions that cause a DOM update without a synchronous request to the server, allowing better handling of single-page applications.

Integrated SCA capabilities

New feature

Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.

Audit of asynchronous traffic

New feature

Burp Scanner will automatically audit in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.

Improved user experience

Feature enhancement

Display scanned URLs as a tree, to make site structure easier to see. We'll also be improving navigation through the UI, as well as product look and feel.

Improved navigational coverage

Feature enhancement

Burp Scanner will detect and interact with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.

Extended agent capabilities

Feature enhancement

Ensure scans are carried out using the most suitable agents - based on network location, system resources, or other factors.

Increased cloud-friendly capabilities

Feature enhancement

Further developed features to allow for a fully flexible cloud-based scanning service. This will include automatic scaling of scanning resources (agents) and hourly metered billing.

More enterprise integrations

Feature enhancement

Integrate scanning into GitHub and Azure DevOps pipelines, adding to Burp Suite's range of out-of-the-box CI/CD connectors.

Improved CI/CD integrations

Feature enhancement

Support for site-driven scans within CI/CD plug-ins, and the ability to download end-of-scan reports. Set parameters for determining when a build fails.


API scanning: first phase

Done

Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.

Cloud functionality

Done

Burp Suite Enterprise Edition now has cloud functionality available, via native deployment on both AWS and Azure platforms.

Browser-powered scanning enhancements

Done

Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.

Single sign-on

Done

Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.

Recorded login sequences

Done

Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.

Scan configuration libraries

Done

View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.

GraphQL-based API

Done

Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and agent management.

Improved SSO functionality

Done

Enable single sign-on via Active Directory using SAML, in addition to the previously existing single sign-on functionality using LDAP.

Workflow improvements

Done

Streamline post-scan tasks by downloading detailed scan reports, automatically emailing end-of-scan summary reports, and automating Jira ticket creation.

Improved user interface

Done

Extensive UI upgrades have been introduced, including navigation changes, overall look-and-feel, and more intuitive in-product workflows.

Customer quote

We use Burp Suite Enterprise Edition because of the ease of use, the cost, the straightforward implementation, the useful results, and the accuracy - results when compared to more expensive tools are very similar.

Source: TechValidate survey of PortSwigger customers

Douglas R. Lomsdalen

CISO