42Crunch And Microsoft’s Defender for Cloud Partner to Deliver End-to-End API Security

42Crunch and Microsoft integrate services to help enterprises adopt a full-lifecycle approach to API security

San Francisco, CA, November 15, 2023   – Today 42Crunch, the API DevSecOps platform, announced the integration of 42Crunch’s API security audit and vulnerability testing solution with Microsoft Defender for Cloud to provide Microsoft customers continuous API protection from design to runtime. Cloud applications are increasingly API-centric, with APIs at the core of data exchange. Inherently, APIs are easy to expose, but difficult to defend and traditional application security solutions are not optimized to protect APIs. Increasingly high profile attacks on APIs have resulted in data breaches, leading to loss of sensitive data as well as reputational harm. 42Crunch and Microsoft have announced this partnership to enable developers to find and fix API vulnerabilities while giving security teams centralized governance across their APIs.

With Microsoft Defender for APIs, an offering as part of Microsoft Defender for Cloud – a cloud-native application protection platform, organizations can improve their security posture and quickly detect active real-time threats. Together with 42Crunch, development teams will be able to “shift left” by testing their APIs for security vulnerabilities earlier on in the development lifecycle. By combining insights and security findings from both solutions within the Defender for Cloud platform, security teams will have broad visibility and governance of the risks associated with their APIs from design to runtime. Additionally, operations teams will be able to leverage the native workflow capabilities of Defender for Cloud to accelerate remediation efforts.

Key challenges according to Gartner ® are “Protecting web APIs with general purpose application security solutions alone continues to be ineffective. Each new API represents an additional and potentially unique attack vector into your systems. Gartner recommend enterprises “adopt a continuous approach to API security across the API development and delivery cycle, designing security into APIs. Include API security testing and the creation and application of reusable API security policies.”1

Jacques Declas, CEO of 42Crunch, welcomed the announcement saying “This partnership between Microsoft and 42Crunch validates our common vision of providing customers globally with a true DevSecOps solution to protect their digital assets from an ever growing array of attacks.” “It is well recognized that an effective API security strategy must start early in the software development lifecycle. This partnership between 42Crunch and Microsoft will enable customers to define, implement, and enforce API security compliance and governance across their API estate at scale,” added Declas.

“Today’s announcement strengthens Microsoft’s CNAPP solution, Defender for Cloud, by expanding its capabilities to provide comprehensive API security coverage across the entire API development lifecycle. Our partnership with 42Crunch enhances Defender for Cloud’s existing runtime API security capabilities by bringing added visibility into potential vulnerabilities that may be introduced through your DevOps pipeline,” said Vlad Korsunsky, Vice President of Cloud and Enterprise Security at Microsoft. “Together with 42Crunch, we bridge the gap of API security from development to runtime and empower security teams to exercise governance over their API ecosystem throughout the development lifecycle.”

For a detailed description of how the 42Crunch API Security platform integrates with Microsoft Defender for Cloud read the onboarding guide article HERE

This new integration is available today in public preview for customers of Microsoft Defender for Cloud using GitHub, with Azure DevOps support to come. Additionally, customers can purchase 42Crunch through the Microsoft Commercial Marketplace.

About 42Crunch
42Crunch enables a standardized approach to securing APIs that automates the enforcement of API security compliance across distributed development and security ecosystems. Our API security testing and protection services are used by Fortune 500 enterprises and over 1 million developers worldwide. The 42Crunch API DevSecOps platform empowers developers to build security from the IDE into the API pipeline and gives application security teams control of security policy enforcement from the CI/CD across the entire API lifecycle. This seamless DevSecOps approach to API security reduces governance costs and accelerates the delivery of secure APIs.  Sign up to the industry’s #1 online API Security community newsletter powered by 42Crunch at

Download Solution Sheet

1 Gartner, API Security: What you Need to do to Protect your APIs by Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, 13 January 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission.

Latest Resources


Top Things You Need to Know About API Security

Two of the API security industry’s leading experts, Dr Philippe de Ryck and Isabelle Mauny, guide you through some real-world cases of API security attacks and also share some best practices for securing your APIs.


Addressing API Security Regulations in Financial Services

By Colin Domoney | April 10, 2024

Introduction APIs are disrupting almost every industry vertical, and nowhere is their impact more profound than in the financial services industry. Whether helping modernize legacy systems or creating entirely new business opportunities through innovations such as OpenBanking, APIs are the lifeblood of the financial services industry. At the […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.