Product roadmap

Burp extensions

New feature

By popular demand, customize Burp Suite Enterprise Edition using over 250 BApp extensions including custom builds.

Browser-powered scanning by default

New feature

Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning. Enabled by default.

Integrated SCA capabilities

New feature

Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.

More enterprise integrations

Feature enhancement

Integrate scanning into GitHub and Azure DevOps pipelines, adding to Burp Suite's range of out-of-the-box CI/CD connectors.

Extended agent capabilities

Feature enhancement

Ensure scans are carried out using the most suitable agents - based on network location, system resources, or other factors.

Increased cloud friendly capabilities

Feature enhancement

Further developed features to allow for a fully-flexible cloud-based scanning service. This will include automatic scaling of scanning resources (agents) and hourly metered billing.

API scanning: first phase

Done

Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.

Cloud functionality

Done

Burp Suite Enterprise Edition now has beta cloud functionality, via native deployment on both AWS and Azure platforms.

Browser-powered scanning enhancements

Done

Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.

Single sign-on

Done

Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.

Read all release notes

Recorded login sequences

Done

Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.

Scan configuration libraries

Done

View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.

GraphQL-based API

Done

Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and agent management.

Improved SSO functionality

Done

Enable single sign-on via Active Directory using SAML, in addition to the previously existing single sign-on functionality using LDAP.

Workflow improvements

Done

Streamline post-scan tasks by downloading detailed scan reports, automating email function for end-of-scan summary reports, and automating Jira ticket creation.

Improved user interface

Done

Extensive UI upgrades have been introduced, including navigation changes, overall look-and-feel, and more intuitive in-product workflows.