2 months ago
Executive Summary Report Now Available!
by Vishal Khandelwal, PM
Exciting news! We've launched the Executive Summary Report – your comprehensive report for application security insights at a glance! The Executive Summary Report makes it easier than ever to demonstrate the value of WAF-as-a-Service inabout 1 year ago
App Groups
by Scott Treacy
After several months of development, we are very pleased to announce the availability of App Groups. This is a significant new feature that allows you to group applications together with common Resources. For example a staging group of
over 1 year ago
Session Recording
by Scott Treacy
New
Announcement
Improvement
This past weekend we introduced Session Recording for troubleshooting layer-7 application problems when passing traffic through the WAF-as-a-Service datapath proxies. Those of you who have previously used the Barracuda WAF appliances will
over 1 year ago
Vulnerability Mapping
by Scott Treacy
New
Announcement
Improvement
We are pleased to announce that we have released Vulnerability mapping for Common Weakness Enumeration (see above) and several OWASP awareness standards (see below) for log entries in WAF-as-a-Service. The Vulnerability mapping is
over 1 year ago
Security Advisory
by Vishal Khandelwal
We are hardening WAF-as-a-Service to protect against two design limitations and associated vulnerabilities, discovered in the previous firmware. When an application is in Block mode, under certain configurations is may be possible toover 1 year ago
Application Page improvments
by Scott Treacy
New
Announcement
Improvement
This weekend we are introducing some minor changes to the Applications page which are in preparation for several new features we will be releasing in the coming months. The most prominent of these introduces a default Production group with
over 2 years ago
OpenSSL Vulnerabilities (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217 and CVE-2023-0401)
by Scott Treacy
OpenSSL have announced a new security advisory. Please see Barracuda Campus for the latest news on this advisory. 
over 2 years ago
Claroty JSON SQLi Vulnerabilities
by Scott Treacy
The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON based SQL and how this bypasses many name brand WAF vendors...over 2 years ago
OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
by Scott Treacy
Last week the OpenSSL Project announced they would release OpenSSL v3.0.7 on November 1st, highlighting that this release will be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory,