Your agentic AI partner in Burp Suite - Discover Burp AI now            Read more
Research Academy
My account Customers About Blog Careers Legal Contact Resellers

DAST 2025.10.1

04 November 2025 at 14:21 UTC

SHA256: {SHA FROM OPTION GOES HERE} MD5: {MD5 FROM OPTION GOES HERE}

This release enables you to pause scans that are running, without losing your progress. We also improved support for the authentication status checker for single page applications (SPAs), and enabled editing for your recorded logins. In addition, you can now specify a folder for your CI-driven scans.

Pause and resume multiple scans at busy times

Pause scans that are running or queued, then resume them later without losing progress. This enables you to avoid maintenance windows or busy periods, for example. You can pause or resume multiple scans at once from the Scans page.

This is just our first step in offering you more advanced scheduling control.

For more information, see Pausing and resuming scans.

Better authentication confidence for SPAs

The status checker for recorded logins now supports XPath and CSS selectors, as well as plain text. This gives you more control over how Burp Scanner confirms it’s still logged in during a scan. You can target specific elements such as a “Log out” button or an account link, for example. This is particularly useful if you're scanning SPAs.

In addition, if the status checker fails, you can now see a screenshot of the page and download the HTTP response. For more information, see Status checker.

Quickly update your recorded logins

Easily edit recorded logins instead of deleting and recreating them. This makes it faster to keep authentication settings up to date as your applications evolve.

For more information, see Editing recorded logins.

Specify folders for your CI-driven scans

You can now organize your CI-driven scans more effectively by assigning them to specific folders. This helps you group results by project, team, or environment.

For more information, see Viewing scan results in the dashboard.

Updates to Kubernetes architecture

We restructured the DAST Helm chart to align with our updated architecture and container images.

If you use a customized version of the chart, download the latest Helm chart and reapply your customizations.

Bug fixes

We fixed the following bugs:

  • Users with permission to View scanning machines no longer need permission to Modify settings in order to view scanning resources.
  • We reinstated a missing error panel in recorded login replay screenshots when login scripts fail.
  • You can now save sites with dynamic API authentication without encountering validation errors.

Java update

We updated Java Runtime to 21.0.9, and Azul Zulu to 21.46.19

Usage of this software is subject to the licence agreement.
All releases