DAST

Scanning web apps and APIs

• Last updated: October 1, 2025

• Read time: 1 Minute

You need to create a site in Burp Suite DAST in order to scan web apps or APIs. You can configure a wide range of settings to manage scans of your sites, including:

• The URLs you want to include in your scans.
• Any URLs you want to exclude from your scans.
• The configuration that Burp Scanner uses to scan the site.
• The login mechanisms Burp Scanner uses to access your site.
• Configurations for retrieving dynamic authorization tokens.
• Any automated notifications that you want Burp Suite DAST to send during the scan.

This section explains how to add and edit site details, and how to arrange your sites in the site tree.

Sites section contents

• Adding new sites
• Configuring network and firewall settings
• Importing sites in bulk
• Setting the site scope

• Configuring site settings

  • Defining the scan configuration

    • Using preset scan modes
    • Using custom scan configurations
    • Defining the scan configuration for a folder

  • Configuring authentication

    • Adding usernames and passwords
    • Adding recorded login sequences
    • Configuring platform authentication
  • Configuring upstream proxy servers
  • Adding headers and cookies
  • Scanning with extensions
  • Managing scanning pools

  • Setting up scan notifications

    • Setting up email notifications
    • Setting up Slack notifications
• Performing a pre-scan check
• Adding tags to sites
• Editing existing sites
• Managing the site tree