Emma Stocks | 02 February 2024 at 11:26 UTC
BChecks, in a nutshell, are easy-to-use, custom-created scan checks that enable you to extend the capabilities of Burp Scanner in a quick and simple way. We recently released BChecks to Burp Suite Professional and, following fantastic feedback from the user community, we've now made this feature available to our Burp Suite Enterprise Edition users as well.
The advantage of using BChecks to support automated, scheduled scanning within your organization is the amount of time it takes. Or rather, how little time it takes. Unlike a built-in scan check, where you're dependent on waiting for it to be added natively to Burp Suite, you can import a BCheck and start scanning for the specific vulnerability straight away.
Being able to customize Burp Scanner so that it's fine-tuned to look for the vulnerabilities that are impacting your organization's apps most means that you can work in a more agile manner. Simply import a specific custom scan check from the GitHub repo, or write your own custom BCheck in Burp Suite Professional, then start scanning immediately.
Looking to apply a scan check to test your applications for a severe zero-day vulnerability? There's a BCheck for that. Want to check for less critically impactful bugs earlier in your pipelines? There's a BCheck available to import. If your teams already use Burp Suite Professional alongside Burp Suite Enterprise Edition, you can even write your own custom BChecks that are tailored specifically to your own applications and the vulnerabilities you're interested in scanning for.
The BChecks GitHub repository already contains a wide variety of custom scan checks, created by both PortSwigger developers and the Burp Suite user community. Some highlights include:
BChecks are available and ready to use in Burp Suite Enterprise Edition right now. To get started, simply follow the steps below:
For further information and guidance, please refer to the BChecks in Burp Suite Enterprise Edition documentation.