Architecture overview (Standard) – PortSwigger

Burp Scanner
Burp Suite’s web vulnerability scanner
Product comparison
What’s the difference between Pro and Enterprise Edition?
Downloads
Download the latest version of Burp Suite.
DAST
Last updated: July 17, 2025
Read time: 2 Minutes
The following diagram shows the core components of Burp Suite DAST and the connections between them.
The DAST server is the main application server. It coordinates between the other components. The DAST server is always installed on the same machine as the web server.
The web server provides the interface to users either via the web UI or one of the APIs. The web server is always installed on the same machine as the DAST server.
Burp Suite DAST uses a SQL database to store all the application data, including scan data. You can use one of the following options:
Burp Suite DAST installs the following services on your machine:
* burpsuiteenterpriseedition_db.service is only installed if you’re using an embedded database rather than your own external one.
For standard instances, scans run on a scanning machine. You can install the scanning component on the same machine as the server, or you can deploy external scanning machines on which your scans can run.
The number of scanning machines you need depends on how many concurrent scans your organization wants to run:
After deployment, you can group scanning machines into scanning pools, which gives you greater control over scanning resources.
Next step – Single vs. multi-machine architecture
Burp Suite
Vulnerabilities
Customers
Company
Insights
© 2025 PortSwigger Ltd.

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.