Burp Suite User Forum

Burp Suite Reports by Standards

Gokcen | Last updated: May 02, 2022 07:02PM UTC

Hello, does Burp Suite report vulnerability results by different security standards? We utilize Acunetix, which we use on our AWS Cloud environment, and it mentions different security reports. Please see below reports in our environment: CWE / SANS Top 25, NIST SP 800-53, OWASP Top 10 2017, NIST SP 800-53, ISO 27001, DISA STIG.

Ben, PortSwigger Agent | Last updated: May 03, 2022 07:56AM UTC

Hi Gokcen, Are you using Burp Professional or Burp Enterprise?

Gokcen | Last updated: May 03, 2022 01:40PM UTC

Hi, we are using Burp Suite Enterprise Edition.

Alex, PortSwigger Agent | Last updated: May 04, 2022 07:11AM UTC

Hi Gokcen,

These are all the issues we report against with the scanner: https://portswigger.net/kb/issues

In terms of specific compliance reporting, we are shortly due to release an update to Burp Suite Enterprise that will provide OWASP Top 10 and PCI DSS compliance reports. We plan to add additional standards further down the line, but I don't have any ETA details on those at the moment. The release should be made available this month, subject to final testing.

Thanks

Ini | Last updated: Jun 27, 2022 05:57PM UTC

Hi Alex, May I know if the Burp Suite Enterprise now provides vulnerability scans (OWASP Top 10, PCI DSS, etc.) for compliance reports? I currently use Burp Enterprise. Thanks,

Alex, PortSwigger Agent | Last updated: Jun 28, 2022 05:56AM UTC

Hi,

I can confirm as of Burp Suite Enterprise v2022.4, we now provide compliance reports for scans. Our initial release includes OWASP Top 10 and PCI DSS. You can find more detail at the link below:

https://portswigger.net/burp/documentation/enterprise/work-with-scan-results/generate-reports-logs

Thanks.