Earlier this year we announced the release of the Barracuda Vulnerability Manager. This tool assesses vulnerabilities in websites and applications, and is easily integrated with the Barracuda Web Application Firewall. It is available to Barracuda customers and authorized resellers at no cost for a limited time.
To get started with the Barracuda Vulnerability Manager, log in to your Barracuda Cloud Control account and select ‘Vulnerability Manager’ from the main menu. If this is your first time accessing the service, you will have to follow the steps to “connect to the service” in order to continue. This is just a matter of entering some basic information such as phone number, country, and postal code. After you've done that, the service will be available whenever you log in to Barracuda Cloud Control.
To start a new scan, select the ‘new scan’ button and enter your configuration details:
Once your scan gets started, it will show up in the Active Scans tab:
When the scan is finished, you'll see screens like this:
The data returned by the scan will help you identify, assess, and mitigate web application security risks, including the following:
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Other risks identified by the Open Web Application Security Project (OWASP)
The Barracuda Web Application Firewall (WAF) can be used to mitigate the risks identified by the Barracuda Vulnerability Manager. The WAF will create one or more security policy recommendations based on the scan report that it imports from the Vulnerability Manager. The administrator then has the option to apply the recommendations in order to mitigate the reported vulnerabilities.
More information on the Barracuda Vulnerability Manager and the Barracuda Web Application Firewall:
- Barracuda Vulnerability Manager – Barracuda Campus
- Barracuda WAF – Mitigating Website Vulnerabilities using Vulnerability Scanners
- Barracuda Web Application Firewall corporate site