Introducing custom scan checks to Burp Suite Enterprise Edition
BChecks, in a nutshell, are easy to use custom-created scan checks that enable you to extend the capabilities of Burp Scanner in a quick and simple way. We recently released BChecks to Burp Suite Professional and, following fantastic feedback from the user community, we’ve now made this feature available to our Burp Suite Enterprise Edition users as well.
How can my organization benefit from BChecks?
The advantage of using BChecks to support automated, scheduled scanning within your organization is the amount of time it takes. Or rather, how little time it takes. Unlike creating a built-in scan check where you’re dependent on waiting for it to be added natively to Burp Suite, you can import a BCheck and start scanning for the specific vulnerability straight away.
Being able to customize Burp Scanner so that it’s fine-tuned to look for the vulnerabilities that are impacting your organization’s apps most means that you can work in a more agile manner. Simply import a specific custom scan check from the GitHub repo, or write your own custom BCheck in Burp Suite Professional, then start scanning immediately.
Looking to apply a scan check to test your applications for a severe zero-day vulnerability? There’s a BCheck for that. Want to check for less critically impactful bugs earlier in your pipelines? There’s a BCheck available to import. If your teams already use Burp Suite Professional alongside Burp Suite Enterprise Edition, you can even write your own custom BChecks that are tailored specifically to your own applications and the vulnerabilities you’re interested in scanning for.
What BChecks are available?
The BChecks GitHub repository already contains a wide variety of custom scan checks, created by both PortSwigger developers and the Burp Suite user community. Some highlights include:
When we initially launched the feature, we shortlisted the top ten BChecks submitted by the amazing Burp Suite user community – you can view those BChecks in this blog post.
Made a BCheck in Burp Suite Professional you think the user community would benefit from? Submit it to the official BChecks repo here – you can also discover the range of BChecks available.
Adding BChecks to Burp Suite Enterprise Edition
BChecks are available, and ready to use in Burp Suite Enterprise Edition right now. To get started, simply follow the steps below:
- Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.
- From the settings menu, select Extensions to go to the Extension library.
- On the BChecks tab, click Upload BCheck.
- Select the BCheck you want to upload.
For further information and guidance, please refer to the BChecks in Burp Suite Enterprise Edition documentation.