Do you know about the recent bank cyber heist attempt in Bangladesh? Apparently, hackers tried to steal $951 million from country’s account at the Federal Reserve Bank of New York. Although they were not able to get through with all the transactions, $81 million were still transferred in the Philippines.

So, why are we talking about it in the application security quiz? Well, banks spend around 90% of their security budget on perimeter security. Application security gets just the remaining 7-10%, which is insufficient given the number of attacks happening every year.

In fact, the scenario is more or less same for other sectors too. According to the ‘Ponemon Application Security Risk Management Report’, a large part of the problem is underestimating and risks and wrong perceptions of how attackers exploit weakness within the Layer 7. This quiz aims to raise awareness on some of the most burning issues.

Question 1) What is the cost of carrying out an application DDoS attack on an average website?

  1. $5,000
  2. $200
  3. $500
  4. $10,000

Answer: (b)

As unlikely it may seem, anyone can hire bots and use cloud machines to carry out full-fledged distributed denial of service attacks powerful enough to shut the server down. For $200-250, anyone including rivals and employees can cause severe damage.

Unfortunately, there is no absolute protection against DDoS attack. Massive traffic surges can happen from any part of the world and you can’t keep universal blocking rules of all of them. Learn more about it at “Deadly App DDoS and How to Stop It”.

Question 2) On an average, how many days financial companies take to fix found vulnerabilities?

  1. 1 day
  2. 15 days
  3. 150 days
  4. 175 days

Answer: (d)

Financial companies are bound by resource, time, and compliance issues before they can even think of fixing found issues. Surprisingly, that’s why the 2015 State of Vulnerability Risk Management showed that financial companies take around 176 days to fix security vulnerability.

Remediation can take time. The next best thing is to patch vulnerabilities virtually so that the attackers cannot exploit them. Indusface Web Application Firewall can help secure vulnerabilities instantly.

Is Your Application Bullet Proof? Take the Quiz.

Question 3) What is the top vulnerability leading to data breaches?

  1. SQL Injection
  2. Cross Site Scripting
  3. Cross Site Request Forgery
  4. Sensitive Data Exposure

Answer: (a)

SQL Injection has been accounted for around 97% of the data breaches across the globe. Although this application vulnerability was detected 15 years ago, it still tops the OWASP 10 list. While detecting SQLi is fairly simple, protecting website against exploitation is difficult. You can read more about it at “All You Need to Know About SQL Injection”.

Question 4) How many malware exist?

  1. 40
  2. 4,000
  3. 4 million
  4. 400 million

Answer: (d)

Currently, there are 500 million different identified malware. Out of these, 30 million were found recently. Every day, the malware count is increasing exponentially and if your application security is unable to keep up with the newly-found threats, chances are that your business will face exploitation sooner or later.

Is Your Application Bullet Proof? Take the Quiz.

Question 5) How do security professionals rate their management’s application security outlook?

  1. Very well informed of the risks
  2. Fairly informed
  3. Informed
  4. Underestimate risks

Answer: (d)

Ponemon Institute’s Application Security Risk Management Report shockingly revealed that 60% of the respondents thought that their management underestimate potential security risks. In fact, they also agreed that this risk outlook jeopardizes their ability to fight attackers.

 

Question 6) What is the highest loss component attributed to data breaches?

  1. Customer acquisition spending
  2. Reputation damage
  3. Lost business
  4. Lost business

Answer: (d)

According to Ponemon Institute’s 2014 Cost of Data Breach Study, organizations in the United States suffer highest due to loss of business after a publicized data breach incident. The damage is calculated to up to $3.3 million for US organizations and $400 thousand for Indian companies.

Question 7) What size of companies are more likely to be exploited?

  1. Large and enterprise companies
  2. Startups, cloud, and medium sized companies

Answer: (b)

While it’s a common understanding that large companies have higher number of records are more likely to be hacked, statistics show otherwise. Probability of data breach is considerably higher for companies dealing with 10, 000 records as opposed to ones with 100, 000 record or more. Higher application security standards and spending in enterprise organizations explains the data.

Is Your Application Bullet Proof? Take the Quiz.

Question 8) Around 70% of the cyberattacks happen at which layer?

  1. Network layer
  2. Session layer
  3. Data Link layer
  4. Application layer

Answer: (b)

According to information technology research giant Gartner, 70% of all cyberattacks occur at the application layer. As me already mentioned, only 10% of the IT security budgets is allotted to application security as management teams remain ignorant of the risks.

Indusface Application Security Awareness Campaign

The way attackers are exploiting application-layer vulnerabilities, it will be mandatory for not only security professionals but also management to learn more about it. Indusface has taken the initiative of raising awareness on the basic issues. Here is the list of our top articles to help you start.

And if you are looking for complete application security, Indusface Total Application Security can help scan application vulnerabilities with web application scanning, prevent hacking attempts with web application firewall, and continuously monitor for emerging threats and DDoS attacks to mitigate them.

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.