Introducing the Barracuda Vulnerability Manager

Earlier this year we announced the release of the Barracuda Vulnerability Manager.  This is a tool that is used to assess vulnerabilities in websites and applications, and is easily integrated with the Barracuda Web Application Firewall.  It is available to Barracuda customers and authorized resellers at no cost for a limited time.

To get started with the Barracuda Vulnerability Manager, log in to your Barracuda Cloud Control account and select 'Vulnerability Manager' from the main menu.  If this is your first time accessing the service, you will have to follow the steps to "connect to the service" in order to continue.  This is just a matter of entering some basic information such as phone number, country, and postal code.  After you've done that, the service will be available whenever you log in to Barracuda Cloud Control.

To start a new scan, select the 'new scan' button and enter your configuration details:

 Proceed through each of the tabs and fill out the forms completely.  This will tell the software what to scan, how to authenticate, when to get started, etc.  You can get details on all of your options here in Barracuda Campus.

Once your scan gets started, it will show up in the Active Scans tab:

The Barracuda Vulnerability Manager is going to scan publicly accessible web applications, regardless of where it is hosted.  It can scan servers that are located on-premises, co-located, or in a public cloud.  The scanner will target web servers based on your configuration.  It will not scan your network or infrastructure.

When the scan is finished, you'll see screens like this:




The data returned by the scan will help you identify, assess, and mitigate web application security risks, including the following:

• SQL Injection


• Cross-Site Scripting (XSS)


• Cross-Site Request Forgery (CSRF)


• Other risks identified by the Open Web Application Security Project (OWASP)

The data is presented on your dashboard and through customizable reports:

 


The Barracuda Web Application Firewall (WAF) can be used to mitigate the risks identified by the Barracuda Vulnerability Manager.  The WAF will create one or more security policy recommendations based on the scan report that it imports from the Vulnerability Manager.  The administrator then has the option to apply the recommendations in order to mitigate the reported vulnerabilities.

More information on the Barracuda Vulnerability Manager and the Barracuda Web Application Firewall :

• Barracuda Vulnerability Manager - Barracuda Campus


• Barracuda WAF - Mitigating Website Vulnerabilities using Vulnerability Scanners


• Barracuda Web Application Firewall corporate site