Save money by paying for only what you use.
When you subscribe to Burp Suite Enterprise Edition using the Pay as you scan option, the fee structure is broken down into two parts: an upfront annual subscription fee, and a fee that is charged per hour that you scan.
Paying for scan time is simple - we'll invoice you on a monthly basis, and payment will be taken automatically from your saved card. You can set a limit on the maximum number of scan hours you can run within a month from your user account - which is handy if you're working to a fixed budget.
As with every Burp Suite Enterprise Edition subscription, there's no limit to the number of domain names / URLs you can scan, or the number of users you can add. The scan results you produce all come with actionable remediation advice - so you can address the root cause of those vulnerabilities as quickly as possible.
There is no limit to the number of concurrent scans you can run with a Pay as you scan subscription.
If you have any questions about Enterprise Edition's Pay as you scan model, our team are happy to help. Get in touch with them at hello@portswigger.net.
"Pay as you scan is a great solution for compliance scanning, or those new to web security"
Classic Burp Suite Enterprise Edition pricing isn't ideal for every organization. For instance, if you have only ad hoc or bursty scanning requirements, or if you are just starting on your scanning journey, then our Classic pricing (designed for more regular use) may not be cost-effective. This is especially true for organizations with smaller security budgets - and may also ring true if you're scanning for compliance reasons (e.g. to become FedRAMP authorized).
This type of subscription model comes with a hidden benefit: the number of concurrent scans is unlimited, whereas it would be restricted with a Classic subscription.
Pay as you scan bridges this gap, creating a much lower entry point for Burp Suite Enterprise Edition subscribers. Pay as you scan is designed to scale with your organization's needs - it's easy to switch over to an alternative subscription option if you find that your requirements have outgrown PAYS.
| Type | Classic subscription breakdown | PAYS subscription breakdown |
|---|---|---|
| Fixed | $9,999 - 1 year Classic subscription (including 1 concurrent scan). | $3,600 - 1 year Pay as you scan subscription |
| Variable | None | Example - Total: $3,000 |
| Total | $9,999 | $6,600 |
"If your scanning requirements are relatively light, then pay as you scan will almost certainly save you a lot of money"
As you can see, in the fairly common scenario described above, you would save a total of $3,399 by choosing a Pay as you scan subscription over a Classic subscription - just over 50%.
This doesn't come at the cost of any functionality. In fact, you gain slightly - because the PAYS subscription includes as many concurrent scans as you want. You do of course keep the ability to scan any domain names / URLs you need to, and to add as many users as you want - because unlike many scanners, these features come as standard with every Burp Suite Enterprise Edition subscription.
The example above demonstrates that if your scanning requirements are relatively light, then Burp Suite Enterprise Edition's Pay as you scan subscription option will almost certainly save you a lot of money. This will be ideal in many scenarios where organizations are using dynamic (DAST) scanning to help achieve compliance, or are just starting out with application security.
To cap all this, Pay as you scan keeps all the great features that every Burp Suite Enterprise Edition subscription comes with as standard. Among other things, this means that you can scan whichever domain names / URLs you want (without "locking in" certain ones) and add unlimited users.
To find out how to license Burp Suite Enterprise Edition with the Pay as you scan subscription option, contact our team with the link below.