Burp Suite Enterprise Edition

Product roadmap

We've got big plans for the road ahead - and we're sure you do too.

Roadmap for Burp Suite Enterprise Edition

Bulk operations

New feature

Import sites from CSV files, apply scan configurations and application logins across a group of sites, and cancel/delete selected scans - all through the UI.

Dashboard improvements

Feature enhancement

We will add new dashboard widgets providing additional data and views. We will provide new ways of configuring and sharing dashboards.

Server-side template injection

Feature enhancement

Burp Scanner will detect injection into a wider range of templating engines, and will employ OAST techniques to detect blind SSTI.

Payloads within data formats

Feature enhancement

We will improve the placement and encoding of scan payloads within JSON and XML data structures.

Browser-powered scanning by default

New feature

Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning. Enabled by default.

Single sign-on via SCIM

Feature enhancement

We will provide support for user management via SCIM (System for Cross-domain Identity Management), for integration with Okta and Azure Active Directory. SSO is already available via Active Directory using SAML, and via LDAP.

Issue-tracking integrations

Feature enhancement

Work is progressing on integrating additional systems for issue tracking, including GitHub and Azure DevOps.

Audit of asynchronous traffic

New feature

Burp Scanner will automatically audit in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.

Compliance reporting

New feature

We will support reporting of scan results against compliance frameworks - such as HIPAA, PCI, etc.

Increased cloud-friendly capabilities

Feature enhancement

We will further develop features to allow for a fully flexible cloud-based scanning service. This will include automatic scaling of scanning resources (agents) and hourly metered billing.

Improved scan speed

Feature enhancement

We will further optimize performance in default settings, to enable faster scans without compromising coverage.

HTTP/2-specific vulnerability reporting


Burp Scanner can now report new classes of HTTP/2-specific vulnerabilities.

Improved navigational coverage


Burp Scanner now detects and interacts with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.

Extended agent capabilities


Ensure scans are carried out using the most suitable agents - based on network location, system resources, or other factors.

API scanning: first phase


Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.

Cloud functionality


Burp Suite Enterprise Edition now has cloud functionality available, via native deployment on both AWS and Azure platforms.

Single sign-on


Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.

Improved user experience


Display scanned URLs as a tree, to make site structure easier to see. We've also improved navigation through the UI, as well as product look and feel.

Burp extensions


By popular demand, you can now customize Burp Suite Enterprise Edition using extensions.

Integrated SCA capabilities


Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.

Recorded login sequences


Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.

Scan configuration libraries


View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.

GraphQL-based API


Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and agent management.

Improved SPA scanning


Burp Scanner now handles navigational actions that cause DOM updates without a synchronous request to the server, allowing better handling of single-page applications.

Improved CI/CD integrations


Support for site-driven scans within CI/CD plug-ins, and the ability to download end-of-scan reports. Set parameters for determining when a build fails.

Improved SSO functionality


Enable single sign-on via Active Directory using SAML, in addition to the previously existing single sign-on functionality using LDAP.

Workflow improvements


Streamline post-scan tasks by downloading detailed scan reports, automating email function for end-of-scan summary reports, and automating Jira ticket creation.

Improved user interface


Extensive UI upgrades have been introduced, including navigation changes, overall look-and-feel, and more intuitive in-product workflows.

Browser-powered scanning enhancements


Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.

Customer quote

We use Burp Suite Enterprise Edition because of the ease of use, the cost, the straightforward implementation, the useful results, and the accuracy - results when compared to more expensive tools are very similar. Source: TechValidate survey of PortSwigger customers

Douglas R. Lomsdalen