NEWS

42Crunch API Security Platform May 2021 Release

Our May 2021 update just went live, and I am here to tell you the details.

Updated CI/CD plugins and repository data in the platform

42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines.

These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or fail depending on the audit results.

We have released new major versions of these plugins:

  • For API collections and APIs created and updated by the plugins, the 42Crunch user interface now shows their repository information: repository, branch, and path

  • On subsequent runs, the plugins automatically update the API collection created for this repository and branch. APIs deleted from the branch get removed, new APIs added, existing APIs updated to the latest version of the OpenAPI file.
  • You can set up the plugins to create these branch collections as private or share them with your organization.

See our CI/CD documentation for details.

Security Audit improvements: Better loose pattern detection, 406 response check

We keep improving our static analysis – 42Crunch Security Audit.

  • Loose string pattern check now goes beyond the proverbial .* and .+ and covers many more similar patterns. About 160 more. 😉 This helps protect APIs against injection attacks and other unexpected inputs.
  • 406 response check helps follow the best practices and define the Not Acceptable API response.

Scan Report: Clear separation of tests and issues

Conformance Scan reports now clearly separate information on the tests performed and the issues that the tests uncovered.

Postman Collection

If you want to learn more about using 42Crunch’s own APIs for platform scripting and integration, we have published our official Postman collection.

And there’s more

See our release notes for other improvements, fixes, known issues, and compatible versions of the 42Crunch firewall and conformance scan agent.

Latest Resources

WEBINAR

Mitigate OWASP API risks through security-by-design

Learn best practices and mitigation steps for some of the OWASP API vulnerabilities through this 42Crunch API security best practice webinar

BLOG

Securing APIs in the Age of GenAI: Test Before You Connect

By Tom Chang | October 2, 2024

How to secure your APIs from GenAI and LLM based attacks Generative AI (GenAI) and Large Language Models (LLMs) are transforming the enterprise landscape, enhancing customer and employee experiences with unprecedented efficiency and insight. The recent McKinsey Global survey on AI reports that 65 percent of respondents say […]

DataSheet

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.