Global Hospitality Provider Strengthens External Asset Security with Burp Suite DAST

From reactive scanning to proactive coverage - building a scalable, high-accuracy DAST program

Burp Suite DAST gives us the ability to quickly find exploitable issues across our external applications, so we can focus on reducing risk rather than chasing noise.

Head of Vulnerability Management

Customer snapshot

  • Industry: Global hospitality (hotels & resorts)
  • Size: ~8,000+ properties worldwide
  • Region: Global (EMEA-led adoption)
  • Environment: Hybrid model (cloud-first with on-prem scanning agents, Kubernetes deployments)
  • Key drivers: Strengthening application security post-breach, scalability across hundreds of apps, reduced false positives, PCI DSS and industry compliance

The Challenge

With a global portfolio of hotels and hundreds of external-facing applications, the security team was dealing with a fast-moving attack surface. Existing external asset management and vulnerability detection tools offered partial visibility, but they struggled to consistently identify high-confidence, exploitable vulnerabilities.

The Vulnerability Management team needed a way to quickly uncover issues like SQL injection or XSS, without being bogged down by noisy results. Standardizing scanning and integrating with their broader remediation workflows were key priorities, alongside laying the groundwork for future use cases such as internal asset scanning, CI/CD integration, and API security.

The Solution

The organization adopted Burp Suite DAST to complement their existing manual testing with Burp Suite Professional. This gave them the ability to run concurrent automated scans across hundreds of external-facing applications, surfacing actionable issues at scale.

Accuracy was central. Because Burp Suite DAST runs on the same engine trusted by the company’s pentesters, the results were both precise and credible. That meant less time chasing false positives and more time reducing real risk.

Flexible deployment and strong reporting options (PDF, HTML, compliance-aligned formats) ensured results could be shared easily, while an extensible GraphQL API allowed integration with tools like Microsoft Fabric and Cisco Kenna Security. This kept remediation teams working within familiar workflows.

PortSwigger’s guided onboarding gave us confidence to start small, get hands-on experience, and then plan for scale once we were ready.

By embedding Burp Suite DAST into their security program, the organization built a scalable process for external asset testing. They gained both breadth and precision, standardizing results across hundreds of applications while freeing security staff to focus on higher-value work. Developers received clearer, evidence-based findings, helping strengthen collaboration across teams.

The Future

Looking ahead, the organization plans to expand scanning into internal assets, onboard additional teams, and explore CI/CD integration with input from the Application Security team. API security scanning is also on the roadmap once discovery and documentation challenges are addressed.
