Product comparison: Enterprise Edition vs Professional

(The first column of the comparison is unlabelled on the page; its content identifies it as Enterprise Edition, which is assumed below. The second column is labelled Professional.)

Enterprise Edition (assumed): Unleash AppSec expertise to supercharge engineering, deliver fast feedback to software teams, and achieve DevSecOps.

Professional: Test, find, and exploit vulnerabilities faster. The world's leading toolkit for web application security testing.

What will it do for us?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Automate dynamic scanning to scale across many applications. | Accelerate penetration testing workflows. |
| Scale security testing. | Enable faster and easier bug bounty hunting. |
| Integrate scans with CI/CD and achieve DevSecOps. | Perform powerful manual testing. |

Who uses it?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| AppSec teams. | Frontline AppSec engineers. |
| Software development teams. | Penetration testers. |
| CISOs and CTOs. | Bug bounty hunters. |
| AppSec centres of excellence. | |

What are the key features?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Fully automated scanning with simple point-and-click. | Burp Proxy for intercepting HTTP requests and responses. |
| Ability to run concurrent scans across an infinite number of web applications. | Complete toolbox of Burp tools for penetration testing, including Burp Scanner, Burp Intruder, Burp Repeater, and Burp Sequencer. |
| Integrating with CI/CD platforms. | 250+ Burp Extensions (BApps) for customizing testing workflows. |
| Integrating with bug tracking systems and vulnerability management platforms. | |
| Out-of-the-box scan configurations. | |
| Dashboards to see security posture for the whole or part of the organization. | |
| Role-based access control and single sign-on. | |

What scanning technology does it use?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Burp Scanner, as trusted by over 50,000 users worldwide. | Burp Scanner, as trusted by over 50,000 users worldwide. |
| Browser-powered scanning using embedded Chromium browser. | Browser-powered scanning using embedded Chromium browser (on by default). |

What about integration?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Universal integration with every CI platform. | Designed for use by individual testers. |
| Exposed core functionality with a GraphQL-based API. | Exposed functionality and data with a REST API. |

What's the output?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Intuitive GUI dashboards with interactive scan results. | Powerful desktop interface aimed at security engineers. |
| Complete or application-specific views on organization security posture with folder and site-level dashboards. | Expert remediation advice. |
| Expert remediation advice. | HTML or XML scan reports. |
| CI/CD feedback for development teams. | |
| Integration with ticketing systems. | |

How can we control access?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Role-based access control (RBAC). | Single user. No access control. |
| Single sign-on (SSO). | |

How can we deploy it?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| Deploy to the cloud, via AWS, Azure, or GCP. | Local installation only. |
| On-premise installation. | |

What about licensing and scalability?

| Enterprise Edition (assumed) | Professional |
| --- | --- |
| No limit to number of users per license. Designed for organizations. | Licensed for individual users. |
| Licensed by the number of concurrent scans you wish to perform. | |
| No limit on the number of distinct applications you can scan. | |