Best for pentesters and hands-on security professionals. Free up testing time with scalable, automated scanning. Automated DAST scanning without limits. Free up testing time with trusted Burp ...
This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities, and requires Burp Suite v2021.9 or later. It combines advanced diffing ...
This release introduces two new issue management features: accepted risk marking and severity adjustment. We've also made some other improvements, and fixed some bugs. Accepted risk: You can now mark ...
This section explains how to configure the way Burp Suite Enterprise Edition handles false positives, accepted risks, and issues with edited severities. You can configure whether Burp Suite Enterprise ...
This topic explains how to mark issues as false positives, mark issues as accepted risks, and edit issue severity. If Burp incorrectly identifies an issue, you can mark that issue as a false positive.
Adding authentication credentials for web app sites enables Burp Scanner to discover and audit content that is only accessible to authenticated users.
This section describes how to generate Standard and Compliance reports. You can send scan summary reports automatically, by email.
Hands-on security testers need the best tools for the job. Tools you have faith in, and enjoy using all day long. Burp Suite has long been that tool, and now, it's faster than ever. We’ve listened to ...
Performance is a critical factor in the usability and efficiency of any software, and Burp Suite is no exception. We've recently focused on enhancing Burp Suite's performance across several key areas ...
URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection. These work by using ambiguous URLs to trigger URL ...
This release introduces the ability to manually create issues, easier testing functionality for match and replace rules, and the option to save requests derived from an OpenAPI definition to the site ...
While manually testing, you may identify vulnerabilities that aren't automatically detected by Burp. You can create issues for these to make sure that they are included in your report. The issue is ...