Scan Configuration

Use the Scan Configuration page to configure and start a new vulnerability scan. Once you are satisfied with the scan settings, click Start Scan.

Scan Configuration

• Scan Name
  Enter a name for the scan for your reference.
• URL to Scan
  Enter the name of the URL of the website you want to scan. If the entered URL is not yet verified, you are prompted to enter a verification email address.
  For more information on verification, refer to Understanding Verification in Barracuda Campus.

General

• When to Scan
  Select when you want to scan the website:
  • Start scan immediately
    When selected, the scan begins once you click Start Scan.
  • Start scan at this time
    Specify the date and time that the scan is to start. Note that all times are shown in your local time zone. To change your time zone, visit the Barracuda Cloud Control Profile page.
• Maximum Length of Scan (Hours)
  Enter the maximum amount of time you would like the scan to run for. If the scan does not complete after this long, it will abort and you will get only partial results.
• Email Report
  Select to send a notification email when the scan is complete.
• Email Address
  Enter the email address that is to receive the notification email when the scan is complete.
• Barracuda may contact me about the results of this scan
  Barracuda may contact you when the scan is complete to help you understand the report and mitigate any vulnerabilities found. If you do not want to be contacted, clear this check box.

Crawling

• Scan Desktop Site
  Select if you would like to scan the desktop version of your site. Select the browser you want the scanner to simulate.
• Scan Mobile Site
  Select if you would like to scan the mobile version of your site. Select the type of device you want the scanner to simulate.
• Scan using a custom browser
  If you would like to simulate a particular browser (desktop or mobile), select this option and enter a custom User-Agent header.
• Requests per second
  Enter the number of requests per second that the scanner is allowed to make. A higher value completes the scan faster but may cause more load on your web server. Enter 0 to make requests as fast as the server can handle them; not recommended for production servers.
• Maximum crawl depth
  Enter the maximum number of links you would like the scanner to follow from the start page. For example, if you enter 0, the scanner will only scan the start page. If you enter 1, the scanner will scan the start page and any pages linked directly from it.
• Enable evasion techniques
  When enabled, the scanner attempts to "confuse" sanitizing or filtering code in your web application.

Authentication

• No authentication
  When selected, these areas of your website are not scanned.
• HTTP authentication
  When selected, areas of your website requiring login credentials are scanned. Select the HTTP authentication type used by your website as Basic or Digest, and then enter the associated user credentials.
• HTTP form-based authentication
  Select if your web application has a standard HTML login form that submits to the web server using HTTP POST, and then enter the associated Username/Password credentials.
• Login form URL
  Enter the URL of your login form, and then click Autodetect to attempt to detect the form parameters.
• HTML Form Parameters
  If you clicked Autodetect, these features will populate automatically.
  If you did not use Autodetect, enter the Form submission URL, Username/Password parameter name, and Login test URL/value.
• Test Authentication
  Click to test the authentication parameters provided. You must test authentication before starting the scan.

Exclusions