This release shortens scan times and increases coverage for authenticated content. It also improves support for scanning GraphQL APIs, and enables host credentials to be used when you provide a URL for your API definitions.
Get deeper authenticated coverage, faster
Burp Scanner can now spend more of the scan exploring authenticated areas and less time re-running your recorded login sequences. This helps you achieve deeper coverage in less time, especially on apps where sessions drop frequently.
When we first added the status checker, it made scanning of authenticated content more robust. With the latest improvements, it also enables the scanner to greatly reduce the number of times a recorded login sequence runs during a scan. The time saved can be used to scan deeper or to shorten the scan.
For more information, see Status checker.
Scan GraphQL APIs directly, without the web app workaround
You can now add a URL for GraphQL APIs in the same way as other API types. This removes the need to create a web app site and paste the GraphQL URL as a workaround. Onboarding GraphQL services is faster and more consistent with the rest of your API scanning setup.
For more information, see Scanning APIs.
Fetch URL-hosted API definitions that require a login
You can now provide host credentials when your API definition is supplied by URL and the server hosting the file requires authentication. This helps you pull in definitions from private locations, so you can keep using a single URL-based workflow even when definitions are not publicly accessible.
For more information, see Adding API definitions by providing a URL.
Java update
We updated Java Runtime to 21.0.10 and Azul Zulu to 21.48.17.