DAST 2026.5

This release adds new API discovery integrations for Azure and Apigee, and gives you finer control over which HTTP methods get scanned when APIs auto-sync.

Discover APIs from Azure API Management

You can now integrate Burp Suite DAST with Azure API Management to automatically discover APIs published in your instance. Discovered APIs appear in API finder, where you can review them and create sites to scan them.

For more information, see Integrating with Azure API Management.

Discover APIs from Google Apigee

You can now integrate Burp Suite DAST with Google Apigee to automatically discover APIs in your Apigee organization. Discovered APIs appear in API finder, where you can review them and create sites to scan them.

For more information, see Integrating with Google Apigee.

Choose which HTTP methods to scan on auto-synced APIs

When you set up auto-sync for an API found by API finder, you can now choose which HTTP methods (such as GET, POST, PUT, and DELETE) Burp Suite DAST automatically enables. This gives you finer control over which parts of the API get scanned, without having to manually edit the site every time the definition changes.

Bug fixes

We fixed the following bugs:

  • All scans run in DAST were showing an "Error initializing Target tool" message in the event log and timeline. This no longer appears.
  • Cloud migration exports now correctly preserve the Advanced scope mode and rules for sites.
  • Recorded logins with many document requests now work, instead of failing without explanation.
  • The site_tree GraphQL query now reports the correct scope mode for sites that use Advanced scope.
  • The Splunk integration now handles transient failures more gracefully, with improved error handling and retry logic.
  • We fixed a vulnerability in Burp Scanner.

Java update

We updated Java Runtime to 21.0.11 and Azul Zulu to 21.50.19.