Burp Suite User Forum

Login to post

Rest API Scanning

Nilkanth | Last updated: Aug 21, 2019 08:23PM UTC

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise?

Mike, PortSwigger Agent | Last updated: Aug 22, 2019 10:07AM UTC

Hi Neel, can you give me some more detail about the feature that you would like to be implemented in Burp Suite Enterprise?

Burp User | Last updated: Aug 22, 2019 09:03PM UTC

Ability to perform DAST on REST APIs endpoints, wherein you can feed the tool with swagger definitions and necessary auth tokens to perform the scan.

Mike, PortSwigger Agent | Last updated: Aug 23, 2019 08:52AM UTC

Thanks for the clarification, this feature has been requested previously by other users so it is a candidate for being implemented in a future version of Burp Suite. Unfortunately I can't provide an ETA on when this will be available but we will notify this thread once this feature has been released.

Burp User | Last updated: Jan 09, 2020 01:44AM UTC

Its been a while. Any update on this? I too would like to see this feature implemented.

Hannah, PortSwigger Agent | Last updated: Jan 09, 2020 11:04AM UTC

Hi Jason. This feature is in our 2020 roadmap, and so should be implemented this year.

Liam, PortSwigger Agent | Last updated: Nov 20, 2020 08:35AM UTC

The latest release of Burp Scanner includes a feature to scan both JSON and YAML-based API definitions for vulnerabilities. - https://portswigger.net/burp/releases/professional-community-2020-11?requestededition=professional - https://portswigger.net/burp/documentation/desktop/scanning/api-scanning

You need to Log in to post a reply. Or register here, for free.