NEWS

42Crunch API Security Platform May 2021 Release

Our May 2021 update just went live, and I am here to tell you the details.

Updated CI/CD plugins and repository data in the platform

42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines.

These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or fail depending on the audit results.

We have released new major versions of these plugins:

  • For API collections and APIs created and updated by the plugins, the 42Crunch user interface now shows their repository information: repository, branch, and path

  • On subsequent runs, the plugins automatically update the API collection created for this repository and branch. APIs deleted from the branch get removed, new APIs added, existing APIs updated to the latest version of the OpenAPI file.
  • You can set up the plugins to create these branch collections as private or share them with your organization.

See our CI/CD documentation for details.

Security Audit improvements: Better loose pattern detection, 406 response check

We keep improving our static analysis – 42Crunch Security Audit.

  • Loose string pattern check now goes beyond the proverbial .* and .+ and covers many more similar patterns. About 160 more. 😉 This helps protect APIs against injection attacks and other unexpected inputs.
  • 406 response check helps follow the best practices and define the Not Acceptable API response.

Scan Report: Clear separation of tests and issues

Conformance Scan reports now clearly separate information on the tests performed and the issues that the tests uncovered.

Postman Collection

If you want to learn more about using 42Crunch’s own APIs for platform scripting and integration, we have published our official Postman collection.

And there’s more

See our release notes for other improvements, fixes, known issues, and compatible versions of the 42Crunch firewall and conformance scan agent.

Latest Resources

WEBINAR

Webinar Series - Defending APIs with Jim Manico

Defending APIs with Jim Manico – Episode 1

Episode 1: Request Forgery on the Web – CSRF & SSRF

November 10, 2022 | 9am PST | 5pm BST

Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs.

BLOG

Empathy for the API Developer

By Colin Domoney | July 25, 2022

Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help […]

DataSheet

Datasheet Cover Images P1-02

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.