This release further improves Burp Suite Enterprise Edition's support for single sign-on by enabling SAML integration. It also provides major improvements to the AWS deployment process.

SAML integration

Burp Suite Enterprise Edition now supports SAML-based single sign-on. This is particularly useful for managing user authentication for cloud-based deployments.

You can integrate SAML SSO using any identity provider (IdP), but the following ones have been fully tested:

  • Active Directory Federation Services (ADFS)
  • Okta
  • Azure Active Directory

To configure the connection to your preferred SAML IdP, log in to Burp Suite Enterprise Edition as an administrator, select "Single sign-on" from the settings menu, then open the "SAML connection" tab.

For more detailed information, please refer to the accompanying documentation.

Other improvements

This release also provides the following improvements:

  • When marking all issues of the same type as false positives, you can now choose to limit this to the current scan only.
  • Empty placeholder pages have been improved. In each case, you will now be informed why the page is empty and prompted to perform the relevant actions to populate it with data.
  • Sites and folders are now displayed in alphabetical order in the site tree.
  • Performance has been improved when running scans that use a large number of scan configurations.

Burp Suite Enterprise Edition on the cloud

This release provides major usability improvements to the deployment process for Burp Suite Enterprise Edition on AWS.

Most notably, the CloudFormation template now creates all of the required AWS infrastructure for you. This includes creating a new Virtual Private Cloud (VPC), so you no longer need to set this up manually. We hope that this will make it much easier to get up and running.

Secondly, there are now two CloudFormation templates for each release of Burp Suite Enterprise Edition:

  • The main template, which is used to create the required AWS environment and deploy the application.
  • The IAM template, which is used to create the relevant IAM users.

Previously, some customers faced issues when the user performing the deployment did not have the appropriate permissions to create IAM users. Now that this is handled in a separate template, you can easily hand over this part of the setup process to the relevant team within your organization.

If you want to deploy Burp Suite Enterprise Edition 2020.10 to the cloud for beta testing, you can download the template for your preferred cloud platform from the links below.

AWS

Azure

Bug Fixes

We have also provided the following bug fixes:

  • Reinstalling Burp Suite Enterprise Edition for use with an existing database no longer causes issues.
  • You can now successfully run the installer over an existing installation, for example, to fix any missing libraries.
  • When the API key is generated for a new API user, long domain names no longer cause the URL to exceed the boundaries of the text field.
  • The option for creating Jira sub-tasks has been removed to avoid invalid issue type errors. Creating sub-tasks is not supported by the Jira API.
  • You can now update the port for your web server's HTTPS URL without having to upload a new certificate.
  • We have made minor corrections to the GraphQL API reference documentation.