Abstract

Information security engineers at large enterprises face the need to automate web application scanning. However, it is hard to find a flexible and customizable product on the market. In this paper, we will explain how to make a great automation tool based on Burp Suite, a popular tool for manually finding vulnerabilities, and how to introduce it into the secure software development cycle. We will discuss the role that duplication and modern front-end technologies play in web application scanning. We will share our experience of writing customizable modules (plug-ins) featuring individual scans. You will understand the issues we faced as well as the advantages and disadvantages of the solution.

Slides