With the Burp Suite Enterprise Edition, it’s now easier than ever to scan at a large scale


Burp Suite Enterprise Edition - New and Coming Features

774 organizations in 68 countries are now using Burp Suite Enterprise Edition to improve and scale security across their web portfolios. As the third anniversary of the development of the Burp Suite Enterprise Edition passes, we thought it was time to give you a recap of some of the new features that the software now includes.

This post contains recently introduced (as well as upcoming) feature highlights in a few key functional areas. These features enable:

  • Increased scan coverage for modern web applications.
  • Easier provisioning for new users – both in the cloud and on-premise.
  • The ability to scale scans across the enterprise.

Remember, unlike most automated web vulnerability scanners, Burp Suite Enterprise Edition scans can be assigned and reassigned to any website, application, or URL.

Over the past three years of development, we’ve listened carefully to our users, and we’ve now addressed a number of specific needs and vulnerabilities that you helped us identify. With the Burp Suite Enterprise Edition, you can now automate trustworthy Burp scans across your entire portfolio more easily than ever – and pave the way to DevSecOps.

New and upcoming features in Burp Suite Enterprise Edition

Increased scan coverage

  • Improved scanning of single-page applications (SPAs) – Burp Scanner now processes navigation actions that cause DOM updates without a synchronous request to the server.
  • API scanning – Automatically parses OpenAPI v3 REST API definitions written in JSON or YAML, allowing more attack surface to be detected.
  • Authenticated scanning – Record and play back complex login sequences. This feature will soon be upgraded to handle increased complexity.
  • HTTP/2 support – Support for the latest web protocols.
  • New scan checks – Incorporating the latest PortSwigger research (e.g. HTTP request smuggling over HTTP/2).
  • SCA – Software composition analysis that can detect vulnerable client-side JavaScript libraries.
  • Coming soon: Monitoring of asynchronous data traffic – Greatly improved scanning of SPAs by checking in-scope API requests that are issued by client-side JavaScript using XHR or Fetch.

Easy deployment

  • Optimized setup – when getting started and when creating recurring scans.
  • Coming soon: New and improved introductory documentation – Content to help your team get started with the Burp Suite Enterprise Edition.
  • Coming soon: Optimized cloud delivery – a simplified and improved cloud delivery experience.

PortSwigger also recently expanded its team of dedicated technical support specialists.

Scalable scanning

  • CI/CD plugin improvements – Compare specific sites and scans, download end-of-scan reports and set parameters for build errors – all without leaving your CI/CD system.
  • Agent machine pools – Assign specific scan agents to specific tasks.
  • Coming soon: Automatic scaling – Save costs on cloud infrastructure and computing.
  • Coming soon: Bulk operations – Import sites, apply scan configurations/application logins, and delete/cancel scans – all in bulk.
  • Coming soon: Extensions – Support for both custom extensions written in Java and compatible Burp extensions (BApps).
  • Coming soon: Other issue tracking integrations – including Slack, GitHub and Azure DevOps.
  • Coming soon: Further improvements in scan speed – faster scans without compromising coverage.
  • Coming soon: Compliance reporting – Report scan results against compliance frameworks such as HIPAA, PCI, etc.

You can find more information about the upcoming features of the Burp Suite Enterprise Edition in our roadmap update from July 2021.

Get started today

If you would like to see as much of the Burp Suite Enterprise Edition as possible, as quickly as possible, then take a look at our live demo (no registration required). This covers a large part of the Burp Suite Enterprise Edition – please note, however, that some functions (e.g. CI/CD integration) are not shown in the live demo.

Alternatively, please request a free 30-day trial to deploy and test a fully functional version of the Burp Suite Enterprise Edition. You can also speak to a member of our dedicated Enterprise Advocates team if you would like more information about the product or the trial.
