PortSwigger and SAP forge strategic partnership to enhance enterprise web security

In today’s rapidly evolving digital landscape, securing web applications at scale is a challenge, even for the most well-resourced organizations. Large enterprises operate thousands of applications and APIs across complex cloud environments, requiring robust and scalable security solutions to stay ahead of evolving threats.

That’s why PortSwigger is proud to announce a strategic partnership with SAP, a global leader in enterprise software solutions. SAP has chosen PortSwigger’s Burp Suite Enterprise Edition as its preferred Dynamic Application Security Testing (DAST) solution to enhance the security of its vast web application portfolio. But this partnership goes beyond implementation—SAP will continue to provide critical insights that will shape the evolution of Burp Suite Enterprise Edition, helping PortSwigger optimize their DAST solution for the unique security challenges faced by global enterprises.

Why SAP chose PortSwigger

As one of the world’s most trusted enterprise software providers, SAP offers a diverse portfolio of business-critical applications, from SAP Ariba and SAP Business Technology Platform (BTP) to SAP HANA Cloud and SAP Analytics Cloud. These platforms power the day-to-day operations of thousands of enterprises worldwide. Ensuring their security is paramount.

SAP Sovereign Cloud Services (SCS) needed a DAST solution capable of:

• Securing a massive, distributed, and complex cloud environment across multiple regions, including Australia, Canada, the United States, and the United Kingdom.
• Automating security testing at scale while integrating seamlessly into SAP’s development pipelines.
• Providing the highest level of accuracy to minimize false positives and support compliance with stringent regional security requirements.

After extensive evaluation, SAP selected Burp Suite Enterprise Edition for its industry-leading accuracy, efficiency, and scalability. Built on the same proprietary scanning engine that powers Burp Suite Professional—the gold-standard toolkit for manual penetration testing, trusted by over 80,000+ AppSec professionals in 17,000+ organizations worldwide—PortSwigger’s DAST solution offers an unrivaled level of precision.

Security at scale: Meeting the demands of global enterprises

In addition to running regular, automated scans, with Burp Suite Enterprise Edition, SAP has also been able to integrate automated security testing into its CI/CD pipelines, ensuring continuous protection without slowing down innovation. This two-pronged approach enables SAP to:

• Proactively reduce security risks before vulnerabilities reach production.
• Enhance compliance and visibility of their security posture across multiple regions.
• Minimize the manual testing burden by automating some of the more repetitive and resource-intensive aspects of web application security, freeing up their experienced security teams to focus their time and effort where it matters most.

PortSwigger: The trusted partner for application security

For over 20 years, PortSwigger has been at the forefront of web application security, setting industry standards and equipping security professionals with best-in-class tools and resources.

• Empowering the security community: PortSwigger has a long history of providing cutting-edge knowledge as well as tooling. Its founder and Burp Suite creator, Dafydd Stuttard, authored The Web Application Hacker’s Handbook, one of the most influential books in web security, and created its de facto online successor, PortSwigger’s Web Security Academy. Both continue to serve as invaluable resources for aspiring bug bounty hunters and experienced penetration testers alike.
• World-renowned research: PortSwigger’s legendary research team continually pushes the boundaries of web security, uncovering new attack techniques and publishing groundbreaking findings. In 2024, they presented an unprecedented three original pieces of research at Black Hat and DEFCON, further solidifying their reputation as innovators in the field. This unmatched in-house expertise ensures that PortSwigger’s DAST scanner remains at the forefront of modern web security challenges.

Through the collaboration with SAP, PortSwigger will gain valuable insights into the security challenges of large-scale enterprise environments. This ongoing exchange of expertise will ensure that Burp Suite Enterprise Edition remains the most advanced and effective DAST solution for organizations operating at a global scale.

Ready to strengthen your web application security?

If you’re struggling to scale with your current DAST solution—or if you’re still relying solely on manual testing or static analysis—it’s time to look at what Burp Suite Enterprise Edition can do for you.

Whether you need to secure a complex cloud environment, integrate security into a DevSecOps workflow, or deploy the most accurate DAST scanning technology available, reach out to our team today to learn how Burp Suite Enterprise Edition can transform your AppSec operations.

For more information, visit portswigger.net.