Network and application firewalls for cloud-connected organizations
Network firewall with SD-WAN for distributed networks.
Makes web browsing safe and preserves bandwidth.
Protect websites and applications from cyber-threats.
Ensure website and application performance and reliability.
Free scanner checks your website for potential vulnerabilities.
Make email safe for business with comprehensive protection of users, data, and your brand.
All-in-one email security, backup, and archiving service.
A.I.-based protection from spear phishing and email fraud.
Anti-phishing training and simulation platform.
Cloud-connected email security appliance.
Solutions for data retention, compliance, and eDiscovery
Locate, migrate, and eliminate Microsoft Outlook PST files.
Free tool to find threats already sitting in your inbox.
Cloud-integrated protection for business-critical data wherever it resides.
Add cloud-based backup and recovery to your Office 365. Protects emails and files from accidental and malicious data loss.
Barracuda's physical and virtual appliance solutions allow for fast deployment to on-premises and remote locations.
Barracuda's cloud-based security services reduce up-front costs and setup time.
Protect your websites, applications and data running in AWS with support for the AWS Shared Security Model. Metered billing and BYOL available.
Deploy Barracuda security solutions natively on Microsoft Azure. We support Azure best practices to cut deployment time.
Barracuda released the industry's first network firewall for GCP. Protect both on-premises and GCP assets from a single console.
Protect patient data, ensure access to health records, and defend against cyber threats.
Don't let your ecommerce site or POS fall victim to attacks or data theft. Ensure reliable connectivity for retail locations.
The financial services industry is a target by hackers looking to steal data and disrupt websites.
Barracuda products help your school achieve CIPA compliance and ensure a safe learning environment for students.
Government agencies rely on Barracuda for data protection and network security.
Barracuda manufactures all products in the United States and makes them available for purchase under GSA contracts.
Migrating your email to Office 365 raises a new set of security and network access challenges. Barracuda can help make the cloud safe for business.
Email compliance regulations and legal holds often require capabilities beyond the built-in features of Office 365.
Even with the best security and archiving tools, it is possible for the important email to be accidentally or maliciously deleted. Barracuda adds full backup and recovery of every Office 365 email using the secure Barracuda cloud.
Check out the current threat landscape based on millions of data points collected by Barracuda.
Protect all your threat vectors from zero-hour attacks with full sandboxing.Available for Cloud Generation Firewalls and Email Security solutions.
Detect, prevent, and recover from ransomware attacks.
If you do business in the European Union, Barracuda can help you achieve and maintain GDPR compliance.
Contact Support NowContact Support
Search for solutions to common problems.
Ask questions and share your knowledge with other Barracuda users.
Enroll in training classes that cover Barracuda products.
Tech alerts provide complete transparency regarding technical and security issues.
Browse and download product documentation.
Search the A to Z of cyber-security, email and networking terms.
Learn how Barracuda protects your data in our cloud data centers.
Barracuda Vulnerability Manager scans web applications only, so it will only target the web server it is pointed at. It does not scan your network
or infrastructure. For example, Vulnerability Manager will not target or scan layer 3 firewalls, VPN devices, email servers or devices, FTP
servers, phone systems, or any other network devices.
Barracuda Vulnerability Manager Vulnerability Type Reference.
Barracuda Vulnerability Manager detects many common web application vulnerabilities, including SQL Injection, Cross-Site Scripting (XSS), CrossSite
Request Forgery (CSRF), and others. For a more detailed list, see the “Barracuda Vulnerability Manager Vulnerability Type Reference.”
Barracuda Vulnerability Manager scans are performed from Barracuda’s data center in Southfield, Michigan. The IP range is 184.108.40.206/24
In order to scan the web application, Barracuda Vulnerability Manager will send specially crafted requests to your web server and analyze the
responses. Vulnerable servers will respond in ways that the scanner can detect, and we will report this to you. The requests Barracuda Vulnerability
Manager sends are specially designed not to cause any damage to your servers—they will only detect vulnerabilities, not exploit them
in any way.
During the scan, Barracuda Vulnerability Manager collects various information about your application; this information is used to increase accuracy
and find vulnerabilities in the application. This information may include data on the technologies and components in use by your
application, the structure of your application, as well as lists of pages, forms, fields, and cookies.
Barracuda Vulnerability Manager does not collect any personally identifiable information (PII) or records from your application’s database, whether
this information is publicly accessible or not. If Barracuda Vulnerability Manager finds a vulnerability that could compromise confidentiality of data
on your web application, it does not collect any of the data that could be compromised; instead, it only alerts you to the problem.
Barracuda Vulnerability Manager also does not collect the source code (whether client-side or server-side) of your application.
The length of the scan varies widely with the size of your application—from a few minutes up to multiple days. You can monitor the
progress of the scan from Barracuda Vulnerability Manager’s Active Scans screen. If you like, you can also limit the length of the scan; in this case,
you will only see the vulnerabilities that were found within this period of time. You can always cancel a currently running scan; again, you
will only see the vulnerabilities found until it was canceled.
The scan is specially engineered not to cause damage to your web application, web server, database, or network infrastructure.
During the scan process, the scanner submits all web forms found on your application a large number of times in order to test for
vulnerabilities. If you have unprotected forms that write data to a database or send emails based on form submissions, you may see a
large number of database records or emails sent during the scan. You can safely ignore or delete these records and/or emails; they do
not cause any damage.
Barracuda Vulnerability Manager has an automatic overload protection feature: If it detects high load on your web server, it will automatically reduce
the scan speed until high load is no longer detected. Regardless of overload protection, Barracuda Vulnerability Manager sends a maximum of 15
requests per second to your server. If you wish, you may adjust this number on the Crawling tab of the scan configuration dialog. For
example, you may want to increase this number if you are scanning a non-production server and want the scan to complete faster.
Barracuda Vulnerability Manager can scan any web application that is publicly accessible, regardless of where it is hosted. If any user on the internet
can enter your application’s URL and access it, it can be scanned.
Yes. Barracuda Vulnerability Manager can scan regardless of any load balancers or firewalls in front of the application, as long as the application is
No. Barracuda Vulnerability Manager will determine if your application could be hacked by a malicious attacker, but it will not hack your application.
In particular, Barracuda Vulnerability Manager will not cause your application to execute any harmful code, steal data from your application, or cause
it to crash.
No. While Barracuda Vulnerability Manager may store request and response data to help you locate vulnerabilities, your application’s data will not
be stored on Barracuda servers or accessible to Barracuda employees.
Scan reports are stored on specially designated servers in Barracuda’s dedicated data center. Only you can access your reports using your
Barracuda Cloud Control credentials. If you have regulatory requirements that your data be kept on physically separate servers, or onpremises,
please contact us to discuss on-premises options.
No. For security reasons and to prevent abuse, users must verify every domain they intend to scan, either through the Cloud Control
domain verification process or through Barracuda Vulnerability Manager itself. Users will be prompted to perform this verification process, which is
easy and just requires clicking a link in an email.
You should take immediate action to remediate vulnerabilities found by Barracuda Vulnerability Manager, especially those with High or Critical
The easiest way to remediate web application vulnerabilities is to use a Barracuda Web Application Firewall (WAF). Barracuda’s WAF
can import the results of a Barracuda Vulnerability Manager scan and automatically remediate all the vulnerabilities found by the scan. For more
information, see the Solution Brief, “Web Application Vulnerabilities: from Detection to Remediation.”
The information provided in Barracuda Vulnerability Manager’s report can also be used by your web application’s developers to find and fix the
problem manually in the application’s source code.
Please email BVM_Support@barracuda.com for support.