Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Query on BURP Scanner & Enterprise

ICT | Last updated: Sep 24, 2021 01:13PM UTC

We are looking for some clarity on BURP product updates as we are formulating our requirements to support a case to purchase Enterprise licenses, in addition to the existing Pro licences we already have. Looking through the 'Managing Updates' documentation for Enterprise, we can see that BURP Scanner and BURP Enterprise updates are standalone. Could you provide some details of what the BURP Scanner updates actual cover, i.e. If a new vulnerability is being exploited in the real world, does BURP Scanner get an update to include this check to increase it's scanning power and check for the vulnerability within our application architecture? If so, how often do these updates get released? Also where can we see the detail of past BURP Scanner updates? Finally is BURP Scanner an integral part of BURP Professional and therefore the two are updated together? Look forward to your response KR James

Uthman, PortSwigger Agent | Last updated: Sep 24, 2021 03:43PM UTC

Hi James,

Please see the answers to your queries below:

The Burp Enterprise update will deal with updating the enterprise server and components (everything except the scanner). The Burp Scanner update will update the scanner component - simplified, this just pulls in the latest Burp Pro JAR and updates your Enterprise installation to use it. This is what the latest version of Burp Scanner is. If any additional scan checks (issue definitions) are added, they will be in a scanner update so it is worth always keeping this updated.

The scanner does not automatically update based on any threat or vulnerability feed. Our developers physically write and update the checks as and when appropriate, usually in line with any research conducted by our security researchers.

You can check out the full list of issues the scanner can detect natively here. However, you can now write some custom scan checks in Enterprise because extensions are supported as of 2021.8. You may find the resources below helpful in getting started:


You can find all the past releases here. In terms of the frequency of updates, there is usually one major release per month along with some point releases (e.g. for bug fixes, security updates, etc. there is no exact timeframe on these).

In terms of your final question, the scanner is a major component of both products. When it is updated, it is part of the 'Pro' updates in the release notes.

Hopefully, this is somewhat helpful but let me know if you have any additional questions! :)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.