Barracuda Vulnerability Manager: Discover your app vulnerabilities

My father used to use the aphorism: “There are many ways to skin a cat.” But he would add his own coda: “And the worst way is to cut off the tip of the tail and suck out the insides.” Which does sound really bad.

Similarly, there are many ways to discover which of your applications are vulnerable to attack and the specific type of vulnerabilities they have. And the worst way is to suffer a catastrophic data breach, ransomware-based extortion, or severe operational disruptions initiated by criminals exploiting those vulnerabilities.

Fortunately, there’s a much better way: Barracuda Vulnerability Manager, our free app vulnerability scanner.

Are your applications vulnerable?

Unless you use an advanced web application firewall (like Barracuda Application Protection) that is configured correctly and kept up to date, there’s a very good chance that you have at least some vulnerabilities in your public-facing applications.

Especially in today’s business environment, where it’s critical to get new and updated apps into production as fast as possible, it’s all too easy for DevOps teams to publish applications that are vulnerable to at least one of the most common app-based attacks.

In addition, the increasing use of third-party code in app development means that vulnerabilities can be unwittingly imported into your apps via compromised software supply chains.

The crooks out there know that vulnerabilities are common, and they devote lots of resources to probing web applications in search of opportunities to exploit flaws. This activity is currently on the rise, partly in response to the increasing difficulty of using email to penetrate target networks. Although email remains the most popular attack vector, app-based attacks are increasing.

How to use Barracuda Vulnerability Manager

Barracuda Vulnerability Manager is a free service that anyone can use with no cost or obligation. Simply provide the information it needs to access your application servers — on-premises, co-located, virtual, or in the cloud — and it will scan your applications for a very broad array of vulnerabilities, including the OWASP Top 10 and many others.

It will then deliver a detailed report that lists all the vulnerabilities it has discovered, giving you the information your IT and dev teams need to remediate them and eliminate the risk they represent.

WAF integration

Barracuda Vulnerability Manager is fully integrated with Barracuda Application Protection, our comprehensive web application and API protection solution. It uses the same scanning technology to identify application vulnerabilities, and then uses the output — the same report you get when you use the free service — as a configuration file to automatically remediate any discovered vulnerabilities.

In fact — brace yourself, I’m about to give you a shocking glimpse of what’s behind the veil of marketing — helping you fix your vulnerable apps is not the only reason we make Vulnerability Manager available at no charge. We also hope that once you’ve used it, you may decide to request a free trial of Barracuda Application Protection, in order to automatically remediate the vulnerabilities in your report.

And then, once you see how Barracuda Application Protection delivers comprehensive protection against web and API threats, DDoS, advanced bots, zero-day threats, and more — all through an amazingly easy-to-use interface — you’ll decide to upgrade to a permanent subscription. Pretty clever, right?

Got worries? Get answers.

Barracuda Vulnerability Manager performs its scan by sending specially crafted requests to your apps and analyzing the responses. Vulnerable servers respond in ways that the scanner can detect. But that may raise some concerns for you:

• Can the scanner overload my server with too many requests?
• What data does the scanner collect?
• Where is collected data stored?
• Is the scanner “hacking” my applications?
• How are reports kept confidential?

As a general answer, I’ll just say that Barracuda Vulnerability Scanner is designed to ensure the highest level of security, confidentiality, and compliance for all users. But you can find detailed answers to these and other questions on our dedicated Vulnerability Manager FAQ page.

Don’t go another day without knowing exactly what app vulnerabilities are exposing you to risk. Scan your apps today.