42Crunch API Security Platform May 2021 Release

Our May 2021 update just went live, and I am here to tell you the details.

Updated CI/CD plugins and repository data in the platform

42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines.

These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or fail depending on the audit results.

We have released new major versions of these plugins:

  • For API collections and APIs created and updated by the plugins, the 42Crunch user interface now shows their repository information: repository, branch, and path

  • On subsequent runs, the plugins automatically update the API collection created for this repository and branch. APIs deleted from the branch get removed, new APIs added, existing APIs updated to the latest version of the OpenAPI file.
  • You can set up the plugins to create these branch collections as private or share them with your organization.

See our CI/CD documentation for details.

Security Audit improvements: Better loose pattern detection, 406 response check

We keep improving our static analysis – 42Crunch Security Audit.

  • Loose string pattern check now goes beyond the proverbial .* and .+ and covers many more similar patterns. About 160 more. 😉 This helps protect APIs against injection attacks and other unexpected inputs.
  • 406 response check helps follow the best practices and define the Not Acceptable API response.

Scan Report: Clear separation of tests and issues

Conformance Scan reports now clearly separate information on the tests performed and the issues that the tests uncovered.

Postman Collection

If you want to learn more about using 42Crunch’s own APIs for the platform scripting and integration, we have published our official Postman collection here.

And there’s more

See our release notes for other improvements, fixes, known issues, and compatible versions of the 42Crunch firewall and conformance scan agent.