Barracuda Vulnerability Manager and Remediation Service

The fastest way to protect your web applications
Free website scan

Frequently Asked Questions

What does Barracuda Vulnerability Manager scan?

Barracuda Vulnerability Manager scans only web applications, so it targets only the web server it is pointed at. It does not scan your network or infrastructure. For example, Vulnerability Manager does not target or scan layer-3 firewalls, VPN devices, email servers or appliances, FTP servers, phone systems, or other network devices.

What types of vulnerabilities does Barracuda Vulnerability Manager detect?

Barracuda Vulnerability Manager detects many common web application vulnerabilities, including SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. For a more detailed list, see the “Barracuda Vulnerability Manager Vulnerability Type Reference.”

Where are the scans performed from?

Barracuda Vulnerability Manager scans are performed from Barracuda’s data center in Southfield, Michigan. The IP range is 64.235.153.0/24.

How is the scan performed?

To scan the web application, Barracuda Vulnerability Manager sends specially crafted requests to your web server and analyzes the responses. Vulnerable servers respond in a way that the scanner can recognize, and we will report this to you. The requests that Barracuda Vulnerability Manager sends are specifically designed not to cause any damage to your servers; they only detect vulnerabilities and do not exploit them in any way.

What data does Barracuda Vulnerability Manager collect during the scan?

During the scan, Barracuda Vulnerability Manager collects various information about your application; this information is used to increase accuracy and find vulnerabilities in the application. This information may include data on the technologies and components in use by your application, the structure of your application, as well as lists of pages, forms, fields, and cookies.

Barracuda Vulnerability Manager does not collect any personally identifiable information (PII) or records from your application’s database, whether this information is publicly accessible or not. If Barracuda Vulnerability Manager finds a vulnerability that could compromise confidentiality of data on your web application, it does not collect any of the data that could be compromised; instead, it only alerts you to the problem.

Barracuda Vulnerability Manager also does not collect the source code (whether client-side or server-side) of your application.

How long does a scan take?

The length of the scan varies widely with the size of your application—from a few minutes up to multiple days. You can monitor the progress of the scan from Barracuda Vulnerability Manager’s Active Scans screen. If you like, you can also limit the length of the scan; in this case, you will only see the vulnerabilities that were found within this period of time. You can always cancel a currently running scan; again, you will only see the vulnerabilities found until it was canceled.

What are the risks of running the scan?

The scan is specially engineered not to cause damage to your web application, web server, database, or network infrastructure. During the scan process, the scanner submits all web forms found on your application a large number of times in order to test for vulnerabilities. If you have unprotected forms that write data to a database or send emails based on form submissions, you may see a large number of database records or emails sent during the scan. You can safely ignore or delete these records and/or emails; they do not cause any damage.

Will the scan overload my web server?

Barracuda Vulnerability Manager has an automatic overload protection feature: If it detects high load on your web server, it will automatically reduce the scan speed until high load is no longer detected. Regardless of overload protection, Barracuda Vulnerability Manager sends a maximum of 15 requests per second to your server. If you wish, you may adjust this number on the Crawling tab of the scan configuration dialog. For example, you may want to increase this number if you are scanning a non-production server and want the scan to complete faster.
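To check these statements against your own web server logs, the following added example (not Barracuda code) separates requests coming from the scan range 64.235.153.0/24 from all other traffic and reports the scanner's peak requests per second against the default ceiling of 15. It assumes Common Log Format lines that record the real client IP rather than a proxy or load balancer address; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Values stated in the FAQ: scan source range and default request ceiling.
SCANNER_NET = ipaddress.ip_network("64.235.153.0/24")
DEFAULT_MAX_RPS = 15

# Common Log Format prefix: client IP, identity, user, [timestamp], "request".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

def parse(line):
    """Return (ip, timestamp, request), or None if the line is not parseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, ts, m.group(3)

def summarize(lines, max_rps=DEFAULT_MAX_RPS):
    """Split traffic into scanner and other; report the scanner's peak rate."""
    per_second, other, skipped = Counter(), [], 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1          # malformed lines are counted, never guessed at
            continue
        ip, ts, req = rec
        if ip in SCANNER_NET:     # an IPv6 client is never inside the IPv4 range
            per_second[ts] += 1   # log timestamps have one-second resolution
        else:
            other.append((str(ip), req))
    peak = max(per_second.values(), default=0)
    return {"scanner_requests": sum(per_second.values()), "peak_rps": peak,
            "over_limit": peak > max_rps, "other": other, "skipped": skipped}

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '64.235.153.10 - - [12/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512',
    '64.235.153.10 - - [12/Mar/2024:10:00:01 +0000] "POST /contact HTTP/1.1" 200 87',
    '64.235.153.77 - - [12/Mar/2024:10:00:02 +0000] "GET /search?q=test HTTP/1.1" 200 1024',
    '203.0.113.5 - - [12/Mar/2024:10:00:02 +0000] "GET /search?q=test HTTP/1.1" 200 1024',
    'garbage line',
]
```

Requests in the `other` list that resemble scan probes did not come from the documented range and should be investigated as unrelated traffic; pass a different `max_rps` if you changed the rate on the Crawling tab.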

Can I scan applications hosted on public cloud servers, on-premises, collocated, etc.?

Barracuda Vulnerability Manager can scan any web application that is publicly accessible, regardless of where it is hosted. If any user on the internet can enter your application’s URL and access it, it can be scanned.

Can I scan applications that are behind a load balancer or firewall?

Yes. Barracuda Vulnerability Manager can scan regardless of any load balancers or firewalls in front of the application, as long as the application is publicly accessible.

Will Barracuda Vulnerability Manager “hack” my application in order to detect vulnerabilities?

No. Barracuda Vulnerability Manager will determine if your application could be hacked by a malicious attacker, but it will not hack your application. In particular, Barracuda Vulnerability Manager will not cause your application to execute any harmful code, steal data from your application, or cause it to crash.

Will Barracuda employees have access to my application’s data?

No. While Barracuda Vulnerability Manager may store request and response data to help you locate vulnerabilities, your application’s data will not be stored on Barracuda servers or accessible to Barracuda employees.

Are scan reports stored in Barracuda’s cloud? How can you ensure the reports remain confidential?

Scan reports are stored on specially designated servers in Barracuda’s dedicated data center. Only you can access your reports using your Barracuda Cloud Control credentials. If you have regulatory requirements that your data be kept on physically separate servers, or on-premises, please contact us to discuss on-premises options.

Can anyone with access to Barracuda Vulnerability Manager scan my application?

No. For security reasons and to prevent abuse, users must verify every domain they intend to scan, either through Cloud Control’s domain verification process or through Barracuda Vulnerability Manager itself. Users are prompted to complete this simple verification process, which only requires clicking a link in an email.

Barracuda Vulnerability Manager found a vulnerability on my application. What should I do?

You should take immediate action to remediate vulnerabilities found by Barracuda Vulnerability Manager, especially those with High or Critical severity levels.

The easiest way to remediate web application vulnerabilities is to use a Barracuda Web Application Firewall (WAF). Barracuda’s WAF can import the results of a Barracuda Vulnerability Manager scan and automatically remediate all the vulnerabilities found by the scan. For more information, see the Solution Brief, “Web Application Vulnerabilities: from Detection to Remediation.”

The information provided in Barracuda Vulnerability Manager’s report can also be used by your web application’s developers to find and fix the problem manually in the application’s source code.

How can I contact support?

Please email BVM_Support@barracuda.com for support.

For further questions, please contact Barracuda Networks at +1 888 268 4772.