This release enables you to add a status check, so Burp Suite DAST can make sure that your recorded login sequences have been successful. We also made some other improvements and fixed some bugs.
Stay authenticated with smarter login monitoring
You can now set up an authentication status check for recorded login sequences. By providing a status URL and some text that you only expect to see after a successful login, Burp Suite DAST can make sure that you're logged in throughout your scans.
This means no more silent failures or wasted scans. Burp Suite DAST keeps your sessions active and alerts you the moment authentication breaks. It also detects when sessions time out, so protected areas don’t go untested.
To learn more about checking your authentication status, see Recording login sequences.
Other improvements
- Added a counter to show the number of JIRA automatic and manual rules that have been created. The counter updates when rules are created, duplicated, or deleted, providing better visibility of your integration setup.
- If you don't have permission to view credentials for an API site, you now see warnings when credentials are missing. This helps you identify authentication issues and coordinate with team members to resolve them, improving your scan success rate.
Bug fixes
- Fixed a performance issue where loading the site tree took several minutes when API authentication credentials were required.
- Fixed inconsistencies between site tree and dashboard issue counts. Site tree counts now correctly exclude failed scans when calculating the latest scan results.
- Fixed incorrect reporting of merged variables when importing Postman collections with environment files. The system now only reports variables that were merged from the environment file.
- Fixed an issue where SCIM group updates would fail if there was a duplicate non-SCIM group with the same name.