Burp Cloud Scanning
A tool for managing cloud security with efficient scanning of web applications using Burp Suite Enterprise Edition.
| Category | Penetration Testing Tools |
|---|---|
| Last page update | 18 days ago |
| Pricing Details | Contact for pricing details. |
| Target Audience | Security professionals, DevOps teams, and organizations managing cloud security. |
In managing cloud security with Burp Suite Enterprise Edition, one of the core challenges is ensuring efficient and secure scanning of web applications, especially those with restricted access or located within internal networks. To address this, Burp Suite utilizes a concept called "scanning pools" for its Cloud instances.
The technical architecture involves setting up self-hosted scanning machines that can be grouped into scanning pools. Each self-hosted scanning machine must be assigned to a scanning pool, and only machines within the same pool can scan the sites assigned to that pool. This allows for better resource management, such as keeping scanning machines and sites for a specific geographic area or team together, or reserving machines for specific purposes like CI/CD pipelines or ad-hoc scanning.
Operationally, setting up a self-hosted scanning machine involves downloading and running an installer for Windows or Linux, configuring network and firewall settings, and generating an authentication token that connects the machine to the Burp Suite Enterprise Edition cloud instance. The machine is then automatically added to a default scanning pool, and sites must be assigned to that same pool before they can be scanned by the self-hosted machines.
Key operational considerations include ensuring the infrastructure meets the system requirements for self-hosted scanning machines and configuring the network and firewall settings appropriately. There are also limitations on how sites and machines are assigned to pools; for example, a site that is not assigned to a specific pool defaults to using PortSwigger-hosted scanning machines, so an internal-only site left unassigned will not be reachable by the scanner.
From a technical standpoint, the use of self-hosted scanning machines enables local scanning of internal applications that cannot be accessed from outside the network, while still allowing scan results to be managed and displayed through the Burp Suite Enterprise Edition dashboard. This approach ensures that scans can be run with the necessary access and security controls in place.