Product roadmap

JWT scan checks

New feature

Burp Scanner will check for a number of security vulnerabilities relating to JSON Web Tokens (JWT).

Dashboard improvements

Feature enhancement

New dashboard widgets providing additional data and views. We will also provide new ways of configuring and sharing dashboards.

Issue tracking with GitHub

Feature enhancement

Integration of GitHub issue tracking with Burp Suite Enterprise Edition, to sit alongside existing integrations with other issue tracking systems.

Folder-level configuration

Feature enhancement

Make config changes at folder level, as a bulk action in the UI. Reconfigure all the sites in a particular folder - for scan configuration, scanning machine pools, extensions used, etc.

Simplified browser-powered scanning on Linux

New feature

New deployment options based around the use of Docker will greatly simplify the use of browser-powered scanning on Linux.

Replay of recorded login sequences

Feature enhancement

Replay and view recorded login (authenticated scanning) sequences executed during scans, to check for issues during the login process.

Support for popups in recorded login sequences

Feature enhancement

Addition of support for popup page elements when using Burp Scanner's recorded login (authenticated scanning) feature.

Audit of asynchronous traffic

New feature

Burp Scanner will automatically audit in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.

Hourly metered billing

New feature

Following on from Burp Suite Enterprise Edition's Kubernetes deployment, which features automatic scaling of scan resources, we will introduce hourly metered billing.

Improved coverage of popular JS libraries and frameworks

Feature enhancement

Fine-tuning of Burp Scanner, to optimize its performance when scanning sites built using React or AngularJS.

Improved scan speed

Feature enhancement

Further optimized performance in default settings - to enable faster scans without compromising coverage.

Kubernetes deployment

Done

Burp Suite Enterprise Edition now has a Kubernetes deployment option available, using a Helm chart. This enables auto-scaling of scanning resources.

Browser-powered scanning by default

Done

Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single page apps, with browser-driven (Chromium) scanning. Enabled by default.

Server-side template injection

Done

Burp Scanner can now detect injection into a wider range of templating engines, and will employ OAST techniques to detect blind SSTI.

Payloads within data formats

Done

We have improved the placement and encoding of scan payloads within JSON and XML data structures.

Improved navigational coverage

Done

Burp Scanner now detects and interacts with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.

Extended scanning machine capabilities

Done

Ensure scans are carried out using the most suitable scanning machines - based on network location, system resources, or other factors.

API scanning: first phase

Done

Enumerate API endpoints to scan APIs across your application portfolio; process OpenAPI (Swagger) definitions.

Improved user experience

Done

Display scanned URLs as a tree, to make site structure easier to see. We've also improved navigation through the UI, as well as product look and feel.

Single sign-on

Done

Configure an LDAP connection between Burp Suite Enterprise Edition and your Active Directory. Use single sign-on to remove the need to create and manage users.

Read all release notes

HTTP/2-specific vulnerability reporting

Done

Burp Scanner can now report new classes of HTTP/2-specific vulnerabilities.

Issue-tracking integrations

Done

Burp Suite Enterprise Edition now supports issue tracking integration using Slack, Trello, and GitLab.

Burp extensions

Done

By popular demand, you can now customize Burp Suite Enterprise Edition using extensions.

Integrated SCA capabilities

Done

Perform software composition analysis (SCA) of client-visible code, and report JavaScript libraries in use containing known vulnerabilities.

Recorded login sequences

Done

Authenticate to any application by recording complex login sequences with a browser plugin. Enable authenticated access for almost any target site, such as those using JavaScript-heavy logins or single sign-on.

Scan configuration libraries

Done

View and manage configurations, extend crawl and audit settings, view individual URL details, and view aggregated issue reporting.

GraphQL-based API

Done

Expose much of Burp Suite Enterprise Edition's core functionality for extensive improvements to site editing, scan settings, reporting, and scanning machine management.

Improved SPA scanning

Done

Burp Scanner now handles navigational actions that cause DOM updates without a synchronous request to the server, allowing better handling of single-page applications.

Compliance reporting

Done

Report scan results against compliance frameworks - such as PCI DSS, OWASP Top 10, etc.

Single sign-on via SCIM

Done

We now provide support for user management via SCIM (System for Cross-domain Identity Management), for integration with Okta and OneLogin.

Bulk operations

Done

You can now import sites from CSV files, apply scan configurations and application logins across a group of sites, and cancel/delete selected scans - all through the UI.

Improved CI/CD integrations

Done

Support for site-driven scans within CI/CD plug-ins - and the ability to download end of scan reports. Set parameters for determining when a build fails.

Improved SSO functionality

Done

Enable single sign-on via Active Directory using SAML, in addition to the previously existing single sign-on functionality using LDAP.

Workflow improvements

Done

Streamline post-scan tasks by downloading detailed scan reports, automating email function for end-of-scan summary reports, and automating Jira ticket creation.

Improved user interface

Done

Extensive UI upgrades have been introduced, including navigation changes, overall look-and-feel, and more intuitive in-product workflows.

Browser-powered scanning enhancements

Done

Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.