One month of Burp Suite in the Cloud - how are AppSec teams using it?
2024-5-7 22:25:53 Author: portswigger.net(查看原文) 阅读量:11 收藏

Mike Eaton | 07 May 2024 at 14:25 UTC

It’s now been a month since we launched the new Cloud-based Burp Suite Enterprise Edition, and we’re taking a look at the benefits our users have seen so far. 

Burp Suite Enterprise Edition in the Cloud is designed to help AppSec teams scale their security testing with automated DAST scanning, without the burden of setting up and maintaining their infrastructure.

What benefits are AppSec teams seeing?

The new Cloud version enables Burp Suite Enterprise Edition users to start with DAST scanning faster - it’s now, on average, 8x quicker to get started with your first scan compared to a self-hosted installation.

As a result, AppSec teams can scale their security testing more quickly to keep up with their organization's growth.

AppSec teams worldwide are now using the new cloud-based version, with teams in Asia, Europe, and North America using Burp Suite Enterprise Edition to get set up and start scanning in minutes.

Although DAST scanning is complicated and sometimes requires trial and error to get the perfect configuration, our cloud users encounter nearly three times fewer failed scans than those on self-hosted installations. This is because the cloud version has a faster feedback loop, and our technical support team has greater access to debugging information to help assist with any issues you might be experiencing.

How this Swiss tech organization uses Burp Suite Enterprise Edition in the Cloud to focus on testing external applications…

This Switzerland-based organization’s primary goal is to build a robust testing program that closely emulates an external attacker to give them confidence in their security measures. Their AppSec team sought to leverage Burp Suite Enterprise Edition to fill this gap in their security architecture.

Since using Burp Suite Enterprise Edition in the Cloud, this organization has been able to scale their testing and automate the scanning of their 25+ applications, and have integrated this new testing process seamlessly with their existing security protocols. They were able to start scanning in less than 24 hours, without being hindered by any installation or configuration delays.

This organization plans to fully integrate Burp Suite Enterprise Edition into its security operations to automate and streamline vulnerability scanning processes, ensuring timely identification and remediation of security issues. This integration is seen as crucial for maintaining the security integrity of their applications and supporting their growth in the technology industry.


Helping you understand DAST

Our team of Enterprise Experts has recently run multiple webinars to help AppSec teams better understand the benefits of automated DAST scanning. Below, you can find the recording from our most recent Webinar, which showcased Burp Suite Enterprise Edition in the Cloud.


During the webinars, AppSec managers were curious about a few key topics. Here’s a collection of some of the top questions:

Q. With this Cloud version, is it possible to scan internal applications that don't have internet access?

  • Yes, you can install a self-hosted scanning agent within your own environment to scan internal applications. This sends the results back to the Cloud server using an outbound connection.

Q. Does Burp Suite Enterprise Edition in the Cloud have any manual testing tools like Repeater or Intruder?

  • Burp Suite Enterprise Edition is an automated DAST tool. It does not include any manual testing features. For this, you would use Burp Suite Professional.

Q. Where will my organization’s data be stored when using Burp Suite Enterprise Edition in the Cloud?

  • All data is stored in PortSwigger secure Cloud.

Q. How do I get a trial of Burp Suite Enterprise Edition in the Cloud?

  • Schedule a call with our team using this link. On the call we can discuss your specific requirements for the evaluation, aiming to ensure that any trial period is a success.

How can you get started with scheduled, automated DAST scanning in the Cloud?

It’s now easier than ever to get started with DAST scanning using Burp Suite Enterprise Edition. Free up time and start scanning in minutes and unlock your AppSec team’s true potential.

Book a call here to get your free trial of Burp Suite Enterprise in the Cloud.


文章来源: https://portswigger.net/blog/one-month-of-burp-suite-in-the-cloud-how-are-appsec-teams-using-it
如有侵权请联系:admin#unsafe.sh