42Crunch and Postman See Growth of Shift-Left Adoption for API Security by Enterprise

  • 42Crunch poll reveals that a third of developers are now implementing security testing at the start of the API design lifecycle. 
  • 33% of developers implementing security after the coding stage.
  • 34% of developers implement security either before or after production deployment.

San Francisco, CA  – June 24, 2021 – 42Crunch, the API Security platform vendor, has announced an integration of its API security services with Postman, the API collaboration platform for developers. 42Crunch provides enterprises with continuous protection at every stage of the API lifecycle reducing the cost of DevSecOps accelerating the delivery of production ready APIs. Using 42Crunch, API developers and application security teams can now implement API security design and testing as part of an API-First approach in Postman.

APIs are the backbone of the modern internet infrastructure and as companies move to the cloud and adopt microservices, APIs and the data associated with them are increasingly vulnerable if not protected properly. To combat this risk organizations need to encourage developers to use secure coding practices. A recent poll conducted by 42Crunch revealed that 33% of developers are now implementing security testing at the start of the API design lifecycle with a further 33% implementing security after the coding stages  and the remaining 34% either before or after production deployment. (1)

The explosive growth in API traffic has been driven by digital transformation and now API calls represent the overwhelming majority of web traffic, something that has not gone unnoticed by the hacker community. Gartner predicts “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” (2)

Kin Lane, Chief Evangelist with Postman said, “Despite the fact that APIs are now everywhere, not all APIs are born equal as many are poorly built and have inherent security vulnerabilities. Adopting an API-first strategy with guidelines for design, development, testing and deployment better prepares a business for the digital revolution impacting every industry. 42Crunch’s API audit, scan and protection services complement Postman’s API collaboration platform and give enterprises a full 360° approach to securing their APIs.”  

Isabelle Mauny, Field CTO and Co-founder at 42Crunch said “Our collaboration with Postman, is helping API developers and DevSecOps at leading enterprises adopt a security as code approach to their API design and development. 42Crunch’s unique combination of a shift-left and shield-right approach to API security provides enterprises with continuous protection for their APIs at every stage of the API lifecycle.”

To learn more about how 42Crunch and Postman are implementing API security testing listen to the webinar: watch here

42Crunch announced last month a Series A round raising $17 million to further advance our API security platform and operations.


(1) Poll was conducted on a webinar hosted by 42Crunch on June 16, 2021 with n =305 developers and application security leads from USA and EMEA.

(2) API Security: What You Need to Do to Protect Your APIs. By Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, refreshed 1 March 2021, Published 28 August 2019.


About Postman

Postman is the leading collaboration platform for API development, used by more than 15 million developers and 800,000 organizations worldwide. Postman is an elegant, flexible platform that is used to build connected software via APIs—quickly, easily, and accurately. Postman is headquartered in San Francisco and has an office in Bangalore, where the company was founded. Postman is privately held, with funding from Insight Partners, Nexus Venture Partners, and CRV. Learn more at or connect with Postman on Twitter via @getpostman.

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more. Visit our online community at

Media Contact:

Anne Marie McCallion
ReturnPR +353 86 834 9329

Latest Resources


Review of Major API Security Breaches from H1 2024

In this latest webinar, Anthony Lonergan, reviews some of the most recent high-profile API breaches that occurred in 2024.
Anthony will give a detailed overview of each attack and explain how the different vulnerabilities could be exploited to compromise the companies involved. He then practically demonstrates how companies can remediate against these vulnerabilities order to better protect their APIs.


The Scourge of SQL Injection for APIs

By Anthony Lonergan | June 25, 2024

In a report published in May 2024, cybersecurity firm Eclypsium outlined key vulnerabilities discovered in the F5 Big IP Next device. It’s another sobering reminder of the challenges faced in securing APIs when a highly regarded security company like F5 launches a new flagship product with all-too-familiar vulnerabilities […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.