Get a free application, infrastructure and malware scan report - Scan Your Website Now

Managed WAF

Take the Application Security Quiz

Posted DateMarch 31, 2016
Posted Time 4   min Read

Recent web application security attacks happened.

Do you know about the recent bank cyber heist attempt in Bangladesh? Apparently, hackers tried to steal $951 million from the country’s account at the Federal Reserve Bank of New York. Although they were not able to get through with all the transactions, $81 million were still transferred in the Philippines.

So, why are we talking about it in the application security quiz? Well, banks spend around 90% of their security budget on perimeter security. Application security gets just the remaining 7-10%, which is insufficient given the number of attacks happening every year.

In fact, the scenario is more or less the same for other sectors too. According to the ‘Ponemon Application Security Risk Management Report’, a large part of the problem is underestimating and risks and wrong perceptions of how attackers exploit weakness within Layer 7. This quiz aims to raise awareness of some of the most burning issues.

Question 1) What is the cost of carrying out an application DDoS attack on an average website?

  1. $5,000
  2. $200
  3. $500
  4. $10,000

Answer: (b)

As unlikely it may seem, anyone can hire bots and use cloud machines to carry out full-fledged distributed denial of service attacks powerful enough to shut the server down. For $200-250, anyone including rivals and employees can cause severe damage.

Unfortunately, there is no absolute protection against DDoS attacks. Massive traffic surges can happen from any part of the world and you can’t keep universal blocking rules of all of them. Learn more about it at “Deadly App DDoS and How to Stop It”.

Question 2) On average, how many days financial companies take to fix found vulnerabilities?

  1. 1 day
  2. 15 days
  3. 150 days
  4. 175 days

Answer: (d)

Financial companies are bound by resource, time, and compliance issues before they can even think of fixing found issues. Surprisingly, that’s why the 2015 State of Vulnerability Risk Management showed that financial companies take around 176 days to fix a security vulnerability.

Remediation can take time. The next best thing is to patch vulnerabilities virtually so that the attackers cannot exploit them. Indusface Web Application Firewall can help secure vulnerabilities instantly.

Is Your Application Bullet Proof? Take the Quiz.

Question 3) What is the top vulnerability leading to data breaches?

  1. SQL Injection
  2. Cross-Site Scripting
  3. Cross-Site Request Forgery
  4. Sensitive Data Exposure

Answer: (a)

SQL Injection has been accounted for around 97% of the data breaches across the globe. Although this application vulnerability was detected 15 years ago, it still tops the OWASP 10 list. While detecting SQLi is fairly simple, protecting the website against exploitation is difficult. You can read more about it at “All You Need to Know About SQL Injection“.

Question 4) How many malware exist?

  1. 40
  2. 4,000
  3. 4 million
  4. 400 million

Answer: (d)

Currently, there are 500 million different identified malware. Out of these, 30 million were found recently. Every day, the malware count is increasing exponentially and if your application security is unable to keep up with the newly-found threats, chances are that your business will face exploitation sooner or later.

Is Your Application Bullet Proof? Take the Quiz.

Question 5) How do security professionals rate their management’s application security outlook?

  1. Very well informed of the risks
  2. Fairly informed
  3. Informed
  4. Underestimate risks

Answer: (d)

Ponemon Institute’s Application Security Risk Management Report shockingly revealed that 60% of the respondents thought that their management underestimates potential security risks. In fact, they also agreed that this risk outlook jeopardizes their ability to fight attackers.

Question 6) What is the highest loss component attributed to data breaches?

  1. Customer acquisition spending
  2. Reputation damage
  3. Lost business
  4. Lost business

Answer: (d)

According to the Ponemon Institute’s 2014 Cost of Data Breach Study, organizations in the United States suffer the highest due to loss of business after a publicized data breach incident. The damage is calculated to up to $3.3 million for US organizations and $400 thousand for Indian companies.

Question 7) What size of companies are more likely to be exploited?

  1. Large and enterprise companies
  2. Startups, cloud, and medium-sized companies

Answer: (b)

While it’s a common understanding that large companies have a higher number of records that are more likely to be hacked, statistics show otherwise. The probability of data breach is considerably higher for companies dealing with 10, 000 records as opposed to ones with 100, 000 record or more. Higher application security standards and spending in enterprise organizations explain the data.

Is Your Application Bullet Proof? Take the Quiz.

Question 8) Around 70% of the cyberattacks happen at which layer?

  1. Network layer
  2. Session layer
  3. Data Link layer
  4. Application layer

Answer: (b)

According to information technology research giant Gartner, 70% of all cyberattacks occur at the application layer. As we already mentioned, only 10% of the IT security budget is allotted to application security as management teams remain ignorant of the risks.

Indusface Application Security Awareness Campaign

The way attackers are exploiting application-layer vulnerabilities, it will be mandatory for not only security professionals but also managed to learn more about it. Indusface has taken the initiative of raising awareness on the basic issues. Here is the list of our top articles to help you start.

  • OWASP Top 10, Hacking, and Business Impact: Business Manager Series – Part 1
  • OWASP Vulnerabilities and Attacks Simplified: Business Manager Series – Part 2
  • OWASP Part 3: Mobile Application Risks
  • OWASP Part 4: Mobile Application Risks
  • Once Frank Survived a DDoS Attack

And if you are looking for complete application security, Indusface Total Application Security can help scan application vulnerabilities with web application scanning, prevent hacking attempts with web application firewalls, and continuously monitor for emerging threats and DDoS attacks to mitigate them.

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Join 51000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Key Components to Consider When Kicking off AppSec Program
Key Components To Consider When Kicking Off Your AppSec Program

AppSec Program/ Application Security Program is a set of seamless processes, business functions, and risk-mitigating controls and services that support the discovery, remediation, and prevention of vulnerabilities in the application..

Read More
2020 Reflections and 2021 Predictions for Application Security

If we ask anyone about the top global stories of 2020, they will likely begin with the Covid-19 outbreak. For most businesses, the biggest earthquake was the forced adoption of.

Read More
How to Fortify Application Security
How to Fortify Web Application Security In 2020?

Strengthening web application security is extremely important for every business. Here are 6 web application security best practices in 2020.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% customer recommendation for 4 consecutive years.

A Customers’ Choice for 2024, 2023 and 2022 - Gartner® Peer Insights™

The reviews and ratings are in!