Burp Suite Enterprise Edition

Pay as you scan (PAYS) - Overview

Save money by paying for only what you use.

How does it work?

When you subscribe to Burp Suite Enterprise Edition using the Pay as you scan option, the fee structure is broken down into two parts: an upfront annual subscription fee, and a fee that is charged per hour that you scan.

Paying for scan time is simple - we'll invoice you on a monthly basis, and payment will be taken automatically from your saved card. You can set a limit on the maximum number of scan hours you can run within a month from your user account - which is handy if you're working to a fixed budget.

Unlimited scans and users with Burp Suite Enterprise Edition's pay as you scan model

As with every Burp Suite Enterprise Edition subscription, there's no limit to the number of domain names / URLs you can scan, or the number of users you can add. The scan results you produce all come with actionable remediation advice - so you can address the root cause of those vulnerabilities as quickly as possible.

There is no limit to the number of concurrent scans you can run with a Pay as you scan subscription.

If you have any questions about Enterprise Edition's Pay As You Scan model, our team are happy to help. Get in touch with them at hello@portswigger.net.

"Pay as you scan is a great solution for compliance scanning, or those new to web security"

A great solution for compliance scanning, or those new to web security

Classic Burp Suite Enterprise Edition pricing isn't ideal for every organization. For instance, if you have only ad hoc, or bursty scanning requirements, or if you are just starting on your scanning journey, then our Classic pricing (designed for more regular use) may not be cost-effective. This is especially true for organizations with smaller security budgets - and may also ring true if you're scanning for compliance reasons (e.g. to become FedRAMP authorized).

This type of subscription model comes with a hidden benefit: the number of concurrent scans is unlimited, whereas it would be restricted with a Classic subscription.

Pay as you scan bridges this gap, creating a much lower entry point for Burp Suite Enterprise Edition subscribers. Pay as you scan is designed to scale with your organization's needs - it's easy to switch over to an alternative subscription option if you find that your requirements have outgrown PAYS.

| Type | Classic subscription breakdown | PAYS subscription breakdown |
| --- | --- | --- |
| Fixed | $9,999 - 1 year Classic subscription (including 1 concurrent scan). | $3,600 - 1 year Pay as you scan subscription |
| Variable | None | Example: 120 hours of total annual scan time; 5 applications; 2 hours per scan ($25 per hour); 1 scan per month per application. Total: $3,000 |
| Total | $9,999 | $6,600 |

"If your scanning requirements are relatively light, then pay as you scan will almost certainly save you a lot of money"

As you can see, in the fairly common scenario described above, you would save a total of $3,399 by choosing a Pay as you scan subscription over a Classic subscription - just over 50%.

This doesn't come at the cost of any functionality. In fact, you gain slightly - because the PAYS subscription includes as many concurrent scans as you want. You do of course keep the ability to scan any domain names / URLs you need to, and to add as many users as you want - because unlike many scanners, these features come as standard with every Burp Suite Enterprise Edition subscription.

Summary - save money by paying for only what you use

The example above demonstrates that if your scanning requirements are relatively light, then Burp Suite Enterprise Edition's Pay as you scan subscription option will almost certainly save you a lot of money. This will be ideal in many scenarios where organizations are using dynamic (DAST) scanning to help achieve compliance, or are just starting out with application security.

To cap all this, Pay as you scan keeps all the great features that every Burp Suite Enterprise Edition subscription comes with as standard. Among other things, this means that you can scan whichever domain names / URLs you want (without "locking in" certain ones) and add unlimited users.

To find out how to license Burp Suite Enterprise Edition with the Pay as you scan subscription option, contact our team with the link below.