Enables Azure DevOps customers to extend their DevSecOps practices to REST APIs
IRVINE, CA, MARCH 18, 2020 — Today, the API security leader and creator of REST API DevSecOps tooling and the industry’s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Microsoft Azure Pipelines. This extension enables companies to easily enforce secure API design right from their CI/CD pipeline.
With REST API proliferation and REST APIs becoming one of the top attack vectors, ensuring that all APIs that a company develops and hosts are secure by design can be a problem. And with CI/CD, any new API or any modification to existing APIs that developers add can get pushed to production without proper checks on security. Up until now, there has been no extension in the Azure marketplace that would have been specifically geared for the static analysis of REST API security.
The new 42Crunch extension for Microsoft Azure Pipelines allows companies to add REST API static security testing (SAST) right into their CI/CD pipeline. The benefits include:
- Reduced risk of breach: Locate API contract files in the repository and run 200+ security checks covering OpenAPI standard requirements, authentication, authorization, and both incoming and outgoing data validation. This makes sure that no new or changed API can pass the test and get deployed to production if it does not meet your security standards.
- Reduced fixing costs: Find and report security flaws at each pipeline run, providing immediate feedback to R&D.
- Increased R&D efficiency: 42Crunch API Contract Security Audit does not give false positives. Every issue reported is worth looking into. Issues are prioritized by impact, so developers know where to start. Every issue comes with a detailed knowledge base article explaining the issue, its severity, exploit scenario, and ways to fix it.
“Modern software development trends, such as cloud-native architectures, microservices, and serverless, have led to companies spinning up hundreds or even thousands of APIs,” says Jacques Declas, the CEO and founder of 42Crunch. “Agile processes and DevOps lead to new APIs being developed and existing APIs getting changed every day. No manual policies or checks can ensure that they are all securely designed and follow all the modern API security best practices. Today, 42Crunch is releasing an off-the-shelf API security extension for Azure DevOps to allow Azure Pipelines customers to automatically discover APIs built by their pipelines, and ensure that these APIs are secure by design.”
“DevSecOps has become the way for teams to stay agile and deliver business value while maintaining a high level of systems security,” says Steven Murawski, Cloud Advocate at Microsoft. “While Azure Pipelines already had security testing extensions for various parts of the application stack, there had been a glaring gap of the one specifically designed for REST APIs. We are happy to see 42Crunch bridge that gap with their solution.”
Now, any registered 42Crunch user who is also a user of Azure DevOps pipeline, can extend the pipeline with the 42Crunch REST API Security Audit Static Analysis extension.
Last year, 42Crunch launched an OpenAPI (Swagger) Editor for VS Code as part of an overall strategy to simplify and automate API security. The extension has been well received with a 5 star rating, and more than 47,000 installs. You can download it for free here.
42Crunch has also recently launched freemium model with free self-service registration at https://platform.42crunch.com/register
REST API Security by Design with Azure Pipelines
Join Microsoft and 42Crunch for a live webinar Wednesday March 25th at 8am PST / 11am EST for a deep dive into a shift-left security approach using OpenAPI, Azure Pipelines, and 42Crunch.
About 42Crunch
42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, 42Crunch Platform empowers development, security, and operations teams with a set of integrated tools to easily build security into the foundation of the API, and enforce those policies throughout the API lifecycle. By delivering security as code, you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit https://42crunch.com to learn more.
Visit our online community https://APIsecurity.io.
