In today’s rapidly evolving digital landscape, securing web applications at scale is a challenge, even for the most well-resourced organizations. Large enterprises operate thousands of applications and APIs across complex cloud environments, requiring robust and scalable security solutions to stay ahead of evolving threats.
That’s why PortSwigger is proud to announce a strategic partnership with SAP, a global leader in enterprise software solutions. SAP has chosen PortSwigger’s Burp Suite Enterprise Edition as its preferred Dynamic Application Security Testing (DAST) solution to bolster the security posture across their vast web application portfolio and protect its online services. But this partnership goes beyond implementation—SAP will continue to provide critical insights that will shape the evolution of Burp Suite Enterprise Edition, helping PortSwigger optimize their DAST solution for the unique security challenges faced by global enterprises.
Burp Suite creator and PortSwigger CEO, Dafydd Stuttard, commented “This partnership represents an important collaboration in enhancing application security at scale. By integrating Burp Suite’s powerful DAST scanning technology into SAP’s processes, we are proud to support their commitment to delivering secure, high-quality web applications for their global customer base.”
Why SAP chose PortSwigger
As one of the world’s most trusted enterprise software providers, SAP offers a diverse portfolio of business-critical applications, from SAP Ariba and SAP Business Technology Platform (BTP) to SAP HANA Cloud and SAP Analytics Cloud. These platforms power the day-to-day operations of thousands of enterprises worldwide, so ensuring their security is paramount.
SAP Sovereign Cloud Services (SCS) needed a DAST solution capable of:
- Securing a massive, distributed, and complex cloud environment across multiple regions, including Australia, Canada, the United States, and the United Kingdom.
- Automating security testing at scale while integrating seamlessly into SAP’s development pipelines.
- Providing the highest level of accuracy to minimize false positives and support compliance with stringent regional security requirements.
After extensive evaluation, SAP selected Burp Suite Enterprise Edition for its industry-leading accuracy, efficiency, and scalability. Built on the same proprietary scanning engine that powers Burp Suite Professional—the gold-standard toolkit for manual penetration testing, trusted by over 80,000+ AppSec professionals in 17,000+ organizations worldwide—PortSwigger’s DAST solution was the natural choice.
“We are dedicated to providing our customers within regulated and federal industries with the most secure and reliable solutions.” said Alijohn Ghassemlouei, Senior Director of Engineering, Sovereign Cloud at SAP. “By partnering with PortSwigger and adopting Burp Suite’s DAST solution, we are able to satisfy regional security requirements across multiple countries at scale, through automation, and with the lowest false positives, ensuring that we are able to improve our SAP solutions as well as providing deeper technical insights to regional regulators.“
Security at scale: Meeting the demands of global enterprises
In addition to running regular, automated DAST scans, with Burp Suite Enterprise Edition, SAP has also been able to integrate automated security testing into its CI/CD pipelines, ensuring continuous protection without slowing down innovation. This two-pronged approach enables SAP to:
- Proactively reduce security risks before vulnerabilities reach production.
- Enhance compliance and visibility of their security posture across multiple regions.
- Minimize the manual testing burden by automating some of the more repetitive and resource-intensive aspects of web application security, freeing up their experienced security teams to focus their time and effort where it matters most.
PortSwigger: The trusted partner for application security
For over 20 years, PortSwigger has been at the forefront of web application security, setting industry standards and equipping security professionals with best-in-class tools and resources.
- Empowering the security community: PortSwigger has a long history of providing cutting-edge knowledge as well as tooling. Its founder and Burp Suite creator, Dafydd Stuttard, authored The Web Application Hacker’s Handbook, one of the most influential books in web security, and created its de facto online successor, PortSwigger’s Web Security Academy. Both continue to serve as invaluable resources for aspiring bug bounty hunters and experienced penetration testers alike.
- World-renowned research: PortSwigger’s legendary research team continually pushes the boundaries of web security, uncovering new attack techniques and publishing groundbreaking findings. In 2024, they presented an unprecedented three original pieces of research at Black Hat and DEFCON, further solidifying their reputation as innovators in the field. This unmatched in-house expertise ensures that PortSwigger’s DAST scanner remains at the forefront of modern web security challenges.
Through the collaboration with SAP, PortSwigger will gain valuable insights into the security challenges of large-scale enterprise environments. This ongoing exchange of expertise will ensure that Burp Suite Enterprise Edition remains the most advanced and effective DAST solution for organizations operating at a global scale.