Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Enterprise Edition

Burp Suite Enterprise Edition user guide

  • Last updated: July 16, 2024

  • Read time: 3 Minutes

Welcome to the Burp Suite Enterprise Edition user guide. This guide explains how to set up users, sites, and scans so that you can get your scanning workflow up and running. It also gives a comprehensive overview of Burp Suite Enterprise Edition's other features, including CI/CD integration, issue tracking, and more.

Note

This guide assumes that you have already set your Burp Suite Enterprise Edition up and have access to the UI. If your organization has not yet set Burp Suite Enterprise Edition up, see Setting up Burp Suite Enterprise Edition.

Getting started with Burp Suite Enterprise Edition

Before you can get scanning, there are a few things you'll need to configure. Follow the steps below to get up and running:

Step 1: Set up your users

Managing permissions in this way makes it easy for you to give users the access they need. For example, you could set up separate roles for your security, IT infrastructure, and management teams, each with their own combination of permissions.

Step 2: Add the sites you want to scan

All Burp Suite Enterprise Edition scans require a target site. You can configure a wide range of settings to determine how each of your sites should be scanned, including:

  • Which of the site's URLs should be scanned and which (if any) should be excluded from scans.

  • The login mechanisms Burp Scanner should use to access your site.

  • Whether Burp Suite Enterprise Edition should send any automated notifications when scanning the site.

You can set up unlimited sites at no additional cost.

Related pages

Adding new sites

Step 3: Set up a scan configuration

In Burp Suite Enterprise Edition, a scan configuration is a set of predefined settings that determine how scans should be performed on a particular site. For example, a scan configuration can specify the maximum link depth of the crawl, or what types of issues to report.

You can either select a predefined scan configuration or create your own for each of your sites.

Step 4: Schedule your scans

Scheduling regular scans is the best way to see changes in your security posture and identify areas for improvement. Scans that run at set intervals with the same configuration are easier to compare than one-off scans. They help you to see how changes to your sites affect the vulnerabilities you find.

You can set up unlimited sites and run unlimited scans in Burp Suite Enterprise Edition at no extra cost.

Related pages

Managing scheduled scans

Step 5: View scan results

Burp Suite Enterprise Edition makes it easy for you to track your scanning progress over time. You can also view details of individual issues, and raise tickets in third-party issue tracking systems if you have set up the relevant integrations.

What else can I do with Burp Suite Enterprise Edition?

Burp Suite Enterprise Edition offers a wide range of additional features, enabling you to:

Was this article helpful?