E-SPIN
Tuesday, 01 March 2022 / Published in PortSwigger, Product

Burp Suite Enterprise Edition Automated Web Scanner

Burp Suite Enterprise Edition is an enterprise server-class solution for automated, scheduled and continuous scanning, capable of running a high volume of concurrent scans (you license the number of agents needed to cover your instances and workload). It is an automated web scanner built on dynamic application security testing (DAST) technology, typically deployed on an enterprise server, or with a pool of scanning instances, to provide scheduling, a dashboard and seamless DevSecOps CI/CD integration and delivery automation. The key features of the product are:

  • Server installation, accessed via a modern web interface and REST API.
  • Automated scanning of web sites on demand or on a schedule, using Burp Scanner’s cutting-edge web scanning logic.
  • Extreme scalability, able to scan indefinitely many web sites in parallel.
  • Multi-user access, with role-based access control.
  • Integration with CI/CD so you can trigger scans per commit or within your deployment pipelines.

PortSwigger worked hard to ensure a painless setup for Burp Suite Enterprise. Once initialised, auto scanning will assess security across your portfolio. Universal CI/CD platform integration through straightforward plugins makes DevSecOps a reality.

Burp Suite Enterprise Edition was designed with one goal: to make PortSwigger research and technology available to every organisation. PortSwigger achieved that with the world’s most widely-used pentesting toolkit, Burp Suite Professional, now fully automated in Burp Suite Enterprise Edition. The latest release of Burp Suite Enterprise Edition is 2022.2.1 (2022-Mar-3). Please read the separate dedicated post for the latest release in detail.

Key Product Features

Burp Suite Enterprise Edition is designed for automated scanning at scale, and integration with software development processes. It lets you:

  • Configure details of your organization’s web sites.
  • Schedule scans and view the results.
  • Use a scalable pool of agents to distribute work and grow according to your needs.
  • Give access to your team, protected by role-based access control (RBAC).
  • Integrate with your CI system via the REST API.

Burp Suite Enterprise Edition uses Burp Scanner’s cutting-edge web scanning logic to uncover dozens of different types of vulnerabilities.

Benefits of Burp Suite Enterprise Edition

  • Grow as big as you want – Extreme scalability means you don’t have to worry about growth. This is web security for organizations of any size.
  • Automate and schedule your scans – Scheduled, parallel scanning of assets and simple, visual reporting mean that auditing your security posture is easy.
  • Restrict sensitive data – More users create more need for internal security. Role-based access control (RBAC) keeps sensitive data out of reach.
  • Integrate with any CI pipeline – Whether you use Jenkins, TeamCity, or another CI platform for development, REST API integration is straightforward.
  • Prioritize threats easily – Smart prioritization will save you time when detected threats begin to stack up. Quickly find the optimal path to security.
  • Get the best on your side – All detected vulnerabilities come with remediation advice based on PortSwigger’s acclaimed research.

Don’t become the next headline data breach

  • So much of our world is now online, that new attack surfaces get introduced almost daily. These don’t go unnoticed by offensive operators. And a data breach could destroy your good reputation. When your users trust you with their data, you’re expected to protect it. If you fail, that trust is lost.
  • Burp Suite Enterprise Edition is underpinned by the same research that powers the world’s most widely-used penetration testing software. Our continuous updates mean you’ll be at the forefront of web security thinking – no matter what lurks over the horizon.

Prioritize security concerns as they arise

  • Burp Suite Enterprise Edition’s huge scalability and parallel operation mean it can detect a large quantity of bugs in short order. Here, vulnerability management functions save you time. Issues are prioritized automatically to prevent you getting swamped.
  • Integration with project management software like Jira makes planning a solution easy. Combined with role-based access control, this is security for teams of all sizes.

Security should never be a bottleneck for development

  • In traditional development environments, security got deferred until the later stages of a build. This often left a great deal of work to be rushed through in a short amount of time before release was possible – and created a lot of friction.
  • We think security is some of the most important work developers can do. As such, we champion a DevSecOps approach, where security is baked in from the outset. Burp Suite Enterprise Edition fully facilitates this – integrating with any CI/CD system.


Product architecture

Burp Suite Enterprise Edition comprises the following components:

  • Enterprise server – This coordinates between the other components, manages scan scheduling, and performs software updates.
  • Agents – These carry out scans using an embedded instance of Burp Scanner. Agents can be distributed across multiple machines, and the pool of agents can grow indefinitely large.
  • Web server – This provides the interface to users, via the web UI and REST API. The web server is installed onto the same machine as the Enterprise server.
  • Database – This provides persistent storage for configuration data and scan results. There is a bundled database which is suitable for evaluation purposes and many production use cases, or you can use your own external database if required.

The diagram below shows the different components of the software and the connections between them:

System requirements

Number of machines

The number of machines needed to run Burp Suite Enterprise Edition very much depends on the scale of your intended usage.

You can run all of the components on a single machine, including the bundled database. This is suitable for evaluation purposes and for many production use cases. On a machine with substantial resources, this setup should be able to comfortably support up to 10 agents. The diagram below shows a single-machine deployment:

At the other extreme, you can run agents on a large number of machines, and you can use your own external database for storage. This lets you scale the number of concurrent scans to be indefinitely large, and utilize any existing database infrastructure that you have. The diagram below shows a multiple-machine deployment, with an external database and agent machines:

Each agent machine, and optionally the Enterprise server machine, can be configured to run multiple logical agents. Each logical agent can be occupied carrying out a single scan at any given time. The number of agents that will actually be used is limited to the number in your license. Read more about agent counts.

Note that the Enterprise server and web server components are always deployed on a single machine.

Machine specifications

All machines on which Burp Suite Enterprise Edition components are installed must have:

  • 64-bit architecture.
  • A modern Windows, Linux, or MacOS operating system. It is possible to use different operating systems on different machines within the deployment.

The amount of system resources required for machines running Burp Suite Enterprise Edition is highly dependent on a variety of factors, including the nature and extent of the applications being scanned, the numbers of issues that are reported, and the number of active users of the web UI and REST API. The following table provides an indicative guide to the machine specifications that are recommended to ensure satisfactory performance. When provisioning machines, be aware that specifications might need to change later based on the experience of your actual usage.

                     Enterprise server machine               Agent machine
Base installation    10Gb of free disk space                 10Gb of free disk space
                     16Gb of RAM                             2Gb of RAM
                     4 CPU cores                             2 CPU cores
Per logical agent    20Gb of free disk space                 20Gb of free disk space
                     4Gb of RAM                              4Gb of RAM
                     4 CPU cores                             4 CPU cores
Bundled database     Additional disk space is required       Not applicable
                     if the bundled database is used
                     (read more under Database size).

Please note the following points regarding free disk space requirements:

  • The free space required is not only for the up-front installation. Disk space is used for storage of ephemeral data during scans and product updates.
  • The disk location (configured during the installation process) must reside on locally attached storage, and not be a networked file system.

Database size

Burp Suite Enterprise Edition uses an SQL database to store data about configured sites and scans, the results of scans, and other configuration information. You can use one of the following options:

  • A bundled database that can be installed on the same machine as the Enterprise server. This option can be used to support any scale of deployment provided you have sufficient disk space available (see below).
  • Your own external database. Supported database types are: MariaDB, Microsoft SQL server, MySQL, Oracle, and PostgreSQL. This option lets you utilize any existing database infrastructure that you have, including database backups, and is more appropriate for larger deployments.

The quantity of data that might be accumulated by Burp Suite Enterprise Edition depends hugely on the scale and nature of your usage, and particularly on the number of scans that are performed and the number of issues that are reported by those scans. The following table is an indicative guide to the quantity of data that is likely to be accumulated in different situations:

Number of scans    Data storage
1,000              500Mb
10,000             5Gb
100,000            50Gb
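The two tables above are easier to apply when the base and per-agent figures are combined per machine and the database estimate is added to the server. The planner below is an added example, not PortSwigger's or E-SPIN's code: it encodes the page's indicative machine specifications, the "up to 10 agents on a single machine" guidance, the licence limit on usable agents and the database-size table. Two details are this example's own assumptions: database growth is scaled linearly at 0.5 GB per 1,000 scans (the page only gives three sample points), and agents configured beyond the licensed count are treated as idle.

```python
"""Capacity planner built from the page's indicative sizing tables.

Added example; not PortSwigger's or E-SPIN's code. Base and per-agent
figures, the single-machine agent guidance and the database growth rows are
from the page; linear database growth and the licence handling are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Indicative figures from the machine-specification table (disk GB, RAM GB, cores).
SERVER_BASE = {"disk_gb": 10, "ram_gb": 16, "cpu": 4}
AGENT_MACHINE_BASE = {"disk_gb": 10, "ram_gb": 2, "cpu": 2}
PER_LOGICAL_AGENT = {"disk_gb": 20, "ram_gb": 4, "cpu": 4}

# Database growth table: 1,000 scans -> 500Mb, 10,000 -> 5Gb, 100,000 -> 50Gb.
DB_GB_PER_1000_SCANS = 0.5  # linear interpolation between the rows is an assumption

# A single-machine deployment is said to comfortably support up to 10 agents.
SINGLE_MACHINE_AGENT_LIMIT = 10


@dataclass
class MachineSpec:
    role: str              # "server" (Enterprise + web server) or "agent"
    logical_agents: int
    disk_gb: float
    ram_gb: float
    cpu: int
    warnings: List[str] = field(default_factory=list)


def size_machine(role: str, logical_agents: int, expected_scans: int = 0,
                 bundled_db: bool = False) -> MachineSpec:
    """Resources for one machine: base figures plus per-logical-agent figures.

    Database growth is only added on the server, and only when the bundled
    database is used; an external database lives on its own infrastructure.
    """
    if role not in ("server", "agent"):
        raise ValueError("role must be 'server' or 'agent'")
    if logical_agents < 0:
        raise ValueError("logical_agents must be non-negative")
    base = SERVER_BASE if role == "server" else AGENT_MACHINE_BASE
    spec = MachineSpec(
        role=role,
        logical_agents=logical_agents,
        disk_gb=base["disk_gb"] + logical_agents * PER_LOGICAL_AGENT["disk_gb"],
        ram_gb=base["ram_gb"] + logical_agents * PER_LOGICAL_AGENT["ram_gb"],
        cpu=base["cpu"] + logical_agents * PER_LOGICAL_AGENT["cpu"],
    )
    if role == "server" and bundled_db:
        spec.disk_gb += expected_scans / 1000 * DB_GB_PER_1000_SCANS
    if role == "server" and logical_agents > SINGLE_MACHINE_AGENT_LIMIT:
        spec.warnings.append(
            f"{logical_agents} agents on the server machine exceeds the "
            f"{SINGLE_MACHINE_AGENT_LIMIT}-agent single-machine guidance; "
            "move agents to dedicated agent machines")
    return spec


def plan_deployment(server_agents: int, agent_machines: List[int],
                    licensed_agents: int, expected_scans: int = 0,
                    bundled_db: bool = True) -> Dict[str, object]:
    """Size every machine in a layout and flag licence and sizing problems.

    agent_machines lists the logical agents hosted on each dedicated agent
    machine, e.g. [4, 4] for two machines with four agents each.
    """
    machines = [size_machine("server", server_agents, expected_scans, bundled_db)]
    machines += [size_machine("agent", n) for n in agent_machines]
    configured = server_agents + sum(agent_machines)
    warnings = [w for m in machines for w in m.warnings]
    if configured > licensed_agents:
        warnings.append(
            f"{configured} agents configured but only {licensed_agents} licensed; "
            f"{configured - licensed_agents} will sit idle")
    return {
        "machines": machines,
        "configured_agents": configured,
        "usable_agents": min(configured, licensed_agents),
        "total_disk_gb": sum(m.disk_gb for m in machines),
        "total_ram_gb": sum(m.ram_gb for m in machines),
        "warnings": warnings,
    }


if __name__ == "__main__":
    plan = plan_deployment(server_agents=4, agent_machines=[4, 4],
                           licensed_agents=10, expected_scans=10_000)
    for m in plan["machines"]:
        print(f"{m.role:6} agents={m.logical_agents:2} disk={m.disk_gb:g}GB "
              f"ram={m.ram_gb:g}GB cpu={m.cpu}")
    for w in plan["warnings"]:
        print("WARNING:", w)
```

Treat the output as a starting point: the page is explicit that real requirements depend on the applications scanned, the volume of reported issues and the number of active UI and API users, so re-check the figures against observed usage after the first weeks of scanning.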

Client browsers

Most modern machines should be able to use the web UI without any problems.

Browsers that are specifically supported and tested are current versions of Chrome, Edge, Firefox, Internet Explorer, and Safari.

The recommended minimum screen size is 1080 pixels in the shorter dimension. Smaller screens than this can still use the web UI, but with a degraded experience.

A mouse pointer is required to access some features, which appear on contextual controls on mouse hover. The remainder of the UI and the majority of features will still function correctly without a mouse pointer.

Network and firewall configuration

The diagram below shows the required network topology and access. This includes machines that are optional and won’t appear in some deployments (external agents and database):

A dedicated DMZ network is recommended to host the machines on which Burp Suite Enterprise Edition is deployed, but this is not mandatory.

In particular, note the requirements below for network access. It might be necessary to configure your firewall to allow the necessary access.

  • Users and API clients need to access the web server on a port that you can select (by default, 8080).
  • The Enterprise server needs to access portswigger.net on port 443, to carry out license activation and software updates. Note that this access is needed for ongoing usage of the software, not only during initial installation. You can configure a network proxy if this is needed to reach the public web.
  • If you install agents on any external machines, these need to access the Enterprise server machine on port 8072.
  • If you use the bundled database, then any external agent machines will need to access the Enterprise server machine on port 9092.
  • If you use an external database, then the Enterprise server and any external agents will need to access the database service on the configured host and port.
  • Agents will need to access the sites that are to be scanned (on ports 80, 443, etc. as required).
  • To gain the full benefit of Burp Suite’s out-of-band vulnerability detection technology, agents will need to access burpcollaborator.net on port 443.
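The list above is a set of firewall rules that has to be right before scans will run, and a blocked path tends to surface as a scan that never starts or an update that silently fails. The script below is an added example, not PortSwigger's or E-SPIN's code: it turns the listed flows into a table of (initiating role, host, port) and probes each with a plain TCP connect. The Enterprise server name, external database endpoint and scan targets are placeholders you supply. Because each flow is initiated by a different role, run the script from a machine playing that role and read only that role's rows; a successful connect shows the firewall permits the path, not that the service behind it is healthy.

```python
"""Pre-flight check of the network paths Burp Suite Enterprise Edition needs.

Added example; not PortSwigger's or E-SPIN's code. Flows and ports are the
ones listed on the page; hostnames in __main__ are placeholders.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Flow:
    source: str    # the role that opens the connection
    host: str
    port: int
    purpose: str


def required_flows(server_host: str, web_port: int = 8080,
                   external_agents: bool = False, bundled_db: bool = True,
                   external_db: Optional[Tuple[str, int]] = None,
                   scan_targets: Sequence[Tuple[str, int]] = ()) -> List[Flow]:
    """Enumerate the connections the page requires for a given deployment shape."""
    flows = [
        Flow("users and API clients", server_host, web_port, "web UI and REST API"),
        Flow("Enterprise server", "portswigger.net", 443,
             "licence activation and updates (needed for ongoing use, not only install)"),
    ]
    if external_agents:
        flows.append(Flow("external agents", server_host, 8072, "Enterprise server"))
        if bundled_db:
            flows.append(Flow("external agents", server_host, 9092, "bundled database"))
    if external_db is not None:
        db_host, db_port = external_db
        flows.append(Flow("Enterprise server and external agents", db_host, db_port,
                          "external database"))
    for target_host, target_port in scan_targets:
        flows.append(Flow("agents", target_host, target_port, "site to be scanned"))
    flows.append(Flow("agents", "burpcollaborator.net", 443,
                      "out-of-band vulnerability detection"))
    return flows


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


Probe = Callable[[str, int], bool]


def check_flows(flows: Sequence[Flow], probe: Probe = tcp_reachable) -> Dict[Flow, bool]:
    """Probe every flow; `probe` is injectable so the logic can be tested offline."""
    return {flow: probe(flow.host, flow.port) for flow in flows}


def blocked_flows(results: Dict[Flow, bool]) -> List[Flow]:
    """The flows that failed, i.e. the firewall rules still to be opened."""
    return [flow for flow, ok in results.items() if not ok]


if __name__ == "__main__":
    # Placeholder names for your own environment.
    flows = required_flows("bsee.example.internal", external_agents=True,
                           bundled_db=True,
                           scan_targets=[("app.example.internal", 443)])
    results = check_flows(flows)
    for flow, ok in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {flow.source:36} -> "
              f"{flow.host}:{flow.port}  ({flow.purpose})")
    if blocked_flows(results):
        raise SystemExit(1)
```

Note that the portswigger.net path is listed as required for ongoing use, so it belongs in the permanent firewall policy (or proxy allow-list) rather than a temporary installation exception.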

Integrate with your CI system

Follow the steps below to integrate Burp Suite Enterprise Edition with the CI system through the REST API:

  1. Create a dedicated user for the integration to use. Go to the team page, and the users tab. Then click ‘New user’.
  2. Provide the user a suitable name that identifies the integration.
  3. Select the login type to be ‘API key’.
  4. Add the user to a suitable group that has the ‘Scan initiator’ role.
  5. Click ‘save’.
  6. When prompted, copy the user’s API key. Keep a record of the API key and handle it sensitively.
  7. Download a suitable Burp CI integration for the system. If a Burp CI plugin is available for the CI platform, install the plugin. Otherwise, install the generic CI driver.
  8. Configure the integration with the API key.
  9. Configure suitable builds in the CI system to make use of the integration.
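Steps 6 to 9 are where the integration most often goes wrong in practice: the API key is pasted into a build file, ends up in logs (it sits in the URL path), and the pipeline is never told what to do with the findings. The driver below is an added example, not PortSwigger's CI plugin or generic CI driver: it reads the key from a BURP_API_KEY environment variable supplied by the CI system's secret store, redacts it from anything it logs, starts a scan, polls to completion and fails the build when issues at or above a chosen severity are reported. The endpoint shapes it uses (POST and GET on /api/<api-key>/v0.1/scan, a Location header carrying the scan id, and "scan_status" plus "issue_events" in the status JSON) are assumptions to verify against your server's REST API documentation; the server and target hostnames are placeholders.

```python
"""Generic CI driver: start a Burp Suite Enterprise Edition scan from a build
and fail the build on findings above a severity threshold.

Added example; not PortSwigger's CI plugin or generic CI driver. The API key
comes from the BURP_API_KEY environment variable (the CI secret store), is
never written into the repository, and is redacted from anything logged. The
endpoint shapes are assumptions to verify against your server's API docs:
  POST <base>/api/<api-key>/v0.1/scan with {"urls": [...]} starts a scan and
       returns its id in the Location header;
  GET  <base>/api/<api-key>/v0.1/scan/<id> returns JSON with "scan_status"
       and "issue_events", each carrying an "issue" with a "severity".
"""
import json
import os
import sys
import time
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, Tuple

SEVERITY_ORDER = ["info", "low", "medium", "high"]   # lowest to highest
TERMINAL_STATES = {"succeeded", "failed"}


def scan_url(base_url: str, api_key: str, scan_id: str = None) -> str:
    url = f"{base_url.rstrip('/')}/api/{api_key}/v0.1/scan"
    return url if scan_id is None else f"{url}/{scan_id}"


def redact(text: str, api_key: str) -> str:
    """Strip the API key from URLs or error messages before they are logged."""
    return text.replace(api_key, "<redacted>") if api_key else text


def scan_request_body(urls: Iterable[str]) -> bytes:
    urls = list(urls)
    if not urls:
        raise ValueError("at least one URL to scan is required")
    return json.dumps({"urls": urls}).encode("utf-8")


def scan_id_from_location(location: str) -> str:
    return location.rstrip("/").rsplit("/", 1)[-1]


def summarize_issues(scan: Dict) -> Dict[str, int]:
    """Count reported issues per severity, case-insensitively."""
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for event in scan.get("issue_events", []):
        sev = str(event.get("issue", {}).get("severity", "info")).lower()
        counts[sev] = counts.get(sev, 0) + 1
    return counts


def build_should_fail(counts: Dict[str, int], threshold: str = "high") -> bool:
    """True when any issue at or above `threshold` severity was reported."""
    at_or_above = SEVERITY_ORDER[SEVERITY_ORDER.index(threshold):]
    return any(counts.get(sev, 0) > 0 for sev in at_or_above)


def run_scan(base_url: str, api_key: str, urls: Iterable[str],
             threshold: str = "high", poll_seconds: float = 30,
             timeout_seconds: float = 3600,
             opener: Callable = urllib.request.urlopen
             ) -> Tuple[str, str, Dict[str, int], bool]:
    """Start a scan, poll until it finishes, return (id, status, counts, fail)."""
    start = urllib.request.Request(scan_url(base_url, api_key),
                                   data=scan_request_body(urls),
                                   headers={"Content-Type": "application/json"},
                                   method="POST")
    try:
        with opener(start) as resp:
            scan_id = scan_id_from_location(resp.headers["Location"])
        deadline = time.monotonic() + timeout_seconds
        while True:
            with opener(scan_url(base_url, api_key, scan_id)) as resp:
                scan = json.load(resp)
            if scan.get("scan_status") in TERMINAL_STATES:
                break
            if time.monotonic() > deadline:
                raise TimeoutError(f"scan {scan_id} did not finish in {timeout_seconds}s")
            time.sleep(poll_seconds)
    except urllib.error.HTTPError as err:
        # Re-raise without the key that urllib would otherwise embed in the URL.
        raise RuntimeError(redact(f"HTTP {err.code} from {err.url}", api_key)) from None
    counts = summarize_issues(scan)
    return scan_id, scan["scan_status"], counts, build_should_fail(counts, threshold)


if __name__ == "__main__":
    key = os.environ.get("BURP_API_KEY")
    if not key:
        sys.exit("BURP_API_KEY is not set; store it as a CI secret, not in the repo")
    # Placeholder server and target for your own environment.
    scan_id, status, counts, fail = run_scan(
        "https://bsee.example.internal:8080", key, ["https://app.example.internal"])
    print(f"scan {scan_id} {status}: {counts}")
    sys.exit(1 if fail or status == "failed" else 0)
```

The dedicated API-key user from steps 1 to 4 should hold only the ‘Scan initiator’ role, so a leaked key can start scans but cannot change sites, users or settings; rotate the key from the team page if a build log ever exposes it.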

Feel free to contact E-SPIN for your project or end-to-end requirements and solution consultancy, covering modern DevSecOps and CI/CD systems, or integrating this DAST with other application security testing (AST) technologies: static application security testing (SAST), origin analysis / software composition analysis (SCA), mobile application security testing (Mobile AST), exporting findings for further exploitability or penetration testing, secure code review in the developer IDE, unit test code coverage, and so on.


Product Latest Release and Build History

This is ongoing and usually incremental. To make it easy for technical users to read, we consolidate it into separate posts; please read it from this link.

Related Post You May Interest

Burp Suite Enterprise Edition Product Latest Release and Build

Tagged under: Application Security, Application Security Testing (AST), Burp Suite Enterprise, Dynamic Application Security Testing (DAST), Portswigger, Web Vulnerability Scanner
