42Crunch and Postman See Growth of Shift-Left Adoption for API Security by Enterprise

  • 42Crunch poll reveals that a third of developers are now implementing security testing at the start of the API design lifecycle. 
  • 33% of developers implementing security after the coding stage.
  • 34% of developers implement security either before or after production deployment.

San Francisco, CA  – June 24, 2021 – 42Crunch, the API Security platform vendor, has announced an integration of its API security services with Postman, the API collaboration platform for developers. 42Crunch provides enterprises with continuous protection at every stage of the API lifecycle reducing the cost of DevSecOps accelerating the delivery of production ready APIs. Using 42Crunch, API developers and application security teams can now implement API security design and testing as part of an API-First approach in Postman.

APIs are the backbone of the modern internet infrastructure and as companies move to the cloud and adopt microservices, APIs and the data associated with them are increasingly vulnerable if not protected properly. To combat this risk organizations need to encourage developers to use secure coding practices. A recent poll conducted by 42Crunch revealed that 33% of developers are now implementing security testing at the start of the API design lifecycle with a further 33% implementing security after the coding stages  and the remaining 34% either before or after production deployment. (1)

The explosive growth in API traffic has been driven by digital transformation and now API calls represent the overwhelming majority of web traffic, something that has not gone unnoticed by the hacker community. Gartner predicts “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” (2)

Kin Lane, Chief Evangelist with Postman said, “Despite the fact that APIs are now everywhere, not all APIs are born equal as many are poorly built and have inherent security vulnerabilities. Adopting an API-first strategy with guidelines for design, development, testing and deployment better prepares a business for the digital revolution impacting every industry. 42Crunch’s API audit, scan and protection services complement Postman’s API collaboration platform and give enterprises a full 360° approach to securing their APIs.”  

Isabelle Mauny, Field CTO and Co-founder at 42Crunch said “Our collaboration with Postman, is helping API developers and DevSecOps at leading enterprises adopt a security as code approach to their API design and development. 42Crunch’s unique combination of a shift-left and shield-right approach to API security provides enterprises with continuous protection for their APIs at every stage of the API lifecycle.”

To learn more about how 42Crunch and Postman are implementing API security testing listen to the webinar: watch here

42Crunch announced last month a Series A round raising $17 million to further advance our API security platform and operations.


(1) Poll was conducted on a webinar hosted by 42Crunch on June 16, 2021 with n =305 developers and application security leads from USA and EMEA.

(2) API Security: What You Need to Do to Protect Your APIs. By Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne, refreshed 1 March 2021, Published 28 August 2019.


About Postman

Postman is the leading collaboration platform for API development, used by more than 15 million developers and 800,000 organizations worldwide. Postman is an elegant, flexible platform that is used to build connected software via APIs—quickly, easily, and accurately. Postman is headquartered in San Francisco and has an office in Bangalore, where the company was founded. Postman is privately held, with funding from Insight Partners, Nexus Venture Partners, and CRV. Learn more at or connect with Postman on Twitter via @getpostman.

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more. Visit our online community at

Media Contact:

Anne Marie McCallion
ReturnPR +353 86 834 9329

Latest Resources


Something Old, Something New – OWASP API Security Top 10 in 2023

42Crunch’s Colin Domoney takes a look at the new OWASP API Security 2023 listing, identifying which vulnerabilities are new, which have not changed and which have been removed.


How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout

By Mark Dolan | September 19, 2023

This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier in the development lifecycle makes for longer-lived and more resilient software. The principles she advocates for are also what guides us at 42Crunch..


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.