Resources
A full list of Blogs, Webinars, Press Releases, News ...
Mitigate OWASP API risks through security-by-design
Webinar Nov 5, 2024 PST 9am | EST 12pm | GMT 5pm The OWASP Top 10 API Security Risks provide a clear roadmap of the most common and dangerous vulnerabilities that can compromise your APIs. In this webinar, we'll explore how to integrate OWASP guidelines in a security initiative for software development to help teams build secure, resilient APIs by design. This session will offer practical insights...
Securing APIs in the Age of GenAI: Test Before You Connect
How to secure your APIs from GenAI and LLM based attacks Generative AI (GenAI) and Large Language Models (LLMs) are transforming the enterprise landscape, enhancing customer and employee experiences with unprecedented efficiency and insight. The recent McKinsey Global survey on AI reports that 65 percent of respondents say that their organizations are regularly using GenAI, nearly double the percentage from their previous survey just ten months ago. However, while businesses...
When GenAI Meets Risky APIs
Webinar Sept 26th, 2024 PDT 9am | EDT 12pm | BST 5pm As Generative AI adoption grows across the enterprise, so does the risk surface for potential data breaches and attacks. API security is a must have if you want to enable the responsible and effective deployment of GenAI technology. Large Language Models (LLMs) excel at processing and understanding unstructured data in order to generate coherent and...
Discovering your APIs – How to achieve a complete API Inventory
API usage and traffic continues to grow thanks to the massive amount of SaaS and other web-based services that power our modern economies. However, as businesses become more distributed the landscape of their API estate and microservices has become increasingly complex. These vast and potentially ungoverned API landscapes present attractive targets for attackers and challenging assets for security and application teams to defend. The stakes have never been higher for...
Review of Major API Security Breaches from H1 2024
Webinar July 11th, 2024 In this latest webinar, Anthony Lonergan, Editor of APISecurity.io newsletter and Dev Relations Lead at 42Crunch, reviews some of the most recent high-profile API breaches that occurred in 2024. Anthony will give a detailed overview of each attack and explain how the different vulnerabilities could be exploited to compromise the companies involved. He then practically demonstrates how companies can remediate against these vulnerabilities...
Navigating the depths of API security testing with 42Crunch and Microsoft
Webinar July 10th, 2024 API vulnerabilities haven't gone away and if anything, the attacks are continuously on the rise, according to apisecurity.io news. Discover how to seamlessly integrate security practices into your DevOps pipelines. As part of the Microsoft Reactor Spotlight on GitHub Advanced Security webinar series, 42Crunch and Microsoft explore the hidden risks that threaten APIs and delve into vulnerabilities within your codebase. From scanning OpenAPI...
The Scourge of SQL Injection for APIs
In a report published in May 2024, cybersecurity firm Eclypsium outlined key vulnerabilities discovered in the F5 Big IP Next device. It's another sobering reminder of the challenges faced in securing APIs when a highly regarded security company like F5 launches a new flagship product with all-too-familiar vulnerabilities like SQL injection and SSRF. Among the vulnerabilities reported by Eclypsium, unauthenticated SQL injection deserves special attention. Injection attacks are very common...
What’s the best way to test an API for vulnerabilities? RTFM
If you’re a child of the 80s like me, you may have had the distinction of being the only one in your house who knew how to program your VCR. My motivation was strong. Clarinet lessons were interfering with my favorite show, the A Team. I was the one in the family who handled most AV responsibilities at the time and I was confident that this would be a simple...
Buckle Up and Protect your Ride. The Importance of API Security for the Connected Vehicle
Last week 42Crunch and VicOne, a Trend Micro subsidiary, announced a unique and vitally important partnership for the automotive industry. Our partnership is the first of its kind to address the mission critical role API security plays for automotive manufacturers as the software driven vehicle becomes an increasingly vulnerable attack surface for rogue actors. Automotive: Another Attack Surface In today's interconnected world, the automotive industry is experiencing a rapid transformation,...
VicOne Partners with 42Crunch to Deliver Uniquely Comprehensive Security Across SDV and Connected-Vehicle Ecosystem
Collaboration pairs leaders in API and automotive cybersecurity to enable broad protection as attacks on automotive APIs climb within and among vehicle, cloud and mobile DALLAS and TOKYO, May 29, 2024—VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch to enhance the security of application programming interfaces (APIs) for the software-defined vehicle (SDV) and broader connected-vehicle ecosystem. Through the partnership, automotive original equipment manufacturers (OEMs) and suppliers achieve...
How to Improve Developer Productivity and API Security Posture
Automate API Documentation and Security Analysis The proliferation of APIs has made them an attractive target for bad actors, so organizations need to adopt a multi-layered approach to protect their APIs. This starts with API design and progresses to the deployment and production runtime phases. To implement API security from the early stages effectively requires giving development teams tooling that lets them maintain productivity levels but at the same time...
Addressing API Security Regulations in Financial Services
Introduction APIs are disrupting almost every industry vertical, and nowhere is their impact more profound than in the financial services industry. Whether helping modernize legacy systems or creating entirely new business opportunities through innovations such as OpenBanking, APIs are the lifeblood of the financial services industry. At the same time, there is increasing scrutiny on the security of these very APIs to ensure that they both meet the requirements of...
So, your API has been Breached, Now What?
Last week I had the privilege of presenting some real-world API security case studies at the annual API Summit in Austin, Texas. On foot of several requests, I have summarized in this post some of the key steps an enterprise should undertake, once they discover that their API has been compromised. Dissecting the API Security Problem The root cause of many API security breaches has been a common misconception made...
How to Protect your APIs from Broken Authentication and Unrestricted Resource Consumption
In a follow-up to our recent blogpost which explored the OWASP API Authorization risks, this week we share highlights of our webinar which featured Philippe De Ryck and Isabelle Mauny talking about the Authentication challenges encountered when protecting your APIs. They explored just how potentially dangerous the combination of the two OWASP API Top 10 categories of Broken Authentication and Unrestricted Resource Consumption can be when an API endpoint is...
How to Protect APIs from OWASP Authorization Risks: BOLA, BOPLA & BFLA
The OWASP API Top Risks listing identifies three different Authorization challenges Coding issues relating to Authorization configuration failures continue to present a significant challenge for development and security teams building and protecting APIs. Just read any issue of our fortnightly APIsecurity.io newsletter and you’ll discover that Authorization-based breaches are at the root of a large percentage of the high-profile attacks. Authorization, in its various flavors, presents challenges because any misconfigurations...
Top Things You Need to Know About API Security
Webinar February 6, 2024 The flipside of the exponential adoption of APIs over the past decade has been the upsurge in the sheer volume of API attacks. Stories of API security breaches are everywhere which shines a harsh spotlight on the ease of API abuse and the complexities of robust API security. Join this webinar as two...
How 42Crunch and Microsoft are Solving the API Security Challenge
42Crunch and Microsoft have partnered to provide continuous protection for APIs Recently 42Crunch and Microsoft announced a partnership to address the number one security issue challenging organizations today, namely the large and growing attack surface represented by APIs. Application security practitioners have come to realize that application security tooling like SAST/DAST and Web Application Firewalls (WAFs) are not optimized to protect against the unique and varied threats posed by APIs....
Automatic Generation of OpenAPI contracts with API Capture
Tutorials Automate the manual task of creating OpenAPI contracts with API Capture. API Capture uses multiple sources such as Postman collections and API traffic to create OpenAPI definition files. API Capture is also available on the 42Crunch API Security Platform. Introduction to API Capture An introduction to API Capture and an overview of the main elements including the Dashboard, QuickGen, Buckets, Secrets and the OpenAPI Generator. How to use QuickGen...
API Security Testing in GitHub Actions
Tutorials In this tutorial you'll learn how to use API Audit and API Scan to run API security testing from GitHub Actions. In addition you will see how the results of the security tests are uploaded to GitHub Code Scanning. These tests can be run by paid subscribers or with limited usage by freemium users
API Security & Conformance Scan using OpenAPI Swagger Editor Extension in VS Code
Tutorials A dynamic security scan of your API to check for conformance against the API design (OpenAPI contract) and security vulnerabilities such as BOLA and BFLA. The tutorial videos below are relevant for all the available IDEs. API Scan is also available on the 42Crunch Platform and CI/CD platforms such as GitHub Actions and Azure DevOps. Quick Links Activate API Scan Overview of the Scan Configuration Viewer Run Your First...
Analyst Report: Review of Partnership Between 42Crunch and Microsoft
This analyst report prepared by Dr. Edward Amoroso, CEO of Tag Infosphere Inc, offers a review of the recently announced partnership between cybersecurity vendor 42Crunch and Microsoft. Introduction The recently announced partnership between 42Crunch and Microsoft, integrating 42Crunch’s API security solutions with Microsoft Defender for Cloud, marks a significant advancement in the field of API security. This collaboration aims to provide a comprehensive solution for the entire...
42Crunch And Microsoft’s Defender for Cloud Partner to Deliver End-to-End API Security
42Crunch and Microsoft integrate services to help enterprises adopt a full-lifecycle approach to API security San Francisco, CA, November 15, 2023 - Today 42Crunch, the API DevSecOps platform, announced the integration of 42Crunch’s API security audit and vulnerability testing solution with Microsoft Defender for Cloud to provide Microsoft customers continuous API protection from design to runtime. Cloud applications are increasingly API-centric, with APIs at the core of data exchange....
42Crunch Launches Automated API Contract Generation to Improve Governance & Speed Development
API World, Santa Clara, CA - October 24, 2023 - 42Crunch, the API Security platform vendor, launched today API Capture, to automate the generation of OpenAPI contracts and API security testing configurations from Postman collections and API traffic. API Capture benefits enterprises by enabling their development teams to adopt best practice API security governance policies from the earliest stages in the API lifecycle at design time. This delivers improved compliance controls...
42Crunch Reaches 1 Million Developers on API Security Platform
October 24, 2023 – Santa Clara, CA. Today at API World, 42Crunch, the API Security Platform vendor, announced that it now has 1 million developers leveraging its API security tools to secure their APIs. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside their preferred Integrated Development Environments (IDE), such as Visual Studio, Intellij and Eclipse. This approach benefits enterprises by enabling their developers...
How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout
This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. Shift Left for Greater Compliance In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier into the development lifecycle makes for longer-lived and more resilient software. Shannon points out that with security requirements represented earlier in the software development process, it effectively makes enforcement...
3 Steps to Successful API Security Compliance
CISOs and application security teams are faced with the challenge of enforcing API security compliance without delaying the development lifecycle or the delivery of new services. Often thought of as a bottleneck to rapid API delivery, there is now a wide acceptance of the key role security must play at all stages of the development lifecycle to ensure that APIs are compliant with security policies before, during and after deployment....
Why most API Security solutions have not delivered on the hype
Discovering your APIs does not secure your APIs Over the past few months, we’ve heard countless variations of the following from customers and prospects - “We brought a vendor in last year that told us they could discover all of our rogue APIs, tell us where our sensitive data was flowing, and find where and how our APIs are being attacked. We're now 10 months in and we've deployed across...
The OWASP API Security Top 10 Has Been Updated – How Are Companies Reacting?
The OWASP API Security Project released an updated version of the OWASP Top 10 for APIs last month. In the intervening years since the first edition was published in 2019 API security has risen to become arguably the most pressing area of focus for CISOs and Heads of Application Security today. Certainly, at 42Crunch we have seen increased customer demand across all industry verticals and indeed the rate of uptake...
Something Old, Something New – OWASP API Security Top 10 in 2023
Webinar August 1, 2023 | 9am PDT | 5pm BST The OWASP API Security project has recently updated its Top 10 list of vulnerabilities that are commonly found in APIs. This list includes both well-known issues and new ones that are currently affecting APIs in the real world. It is crucial for those involved in the API industry to stay informed about these top...
Mastering Secure API Development with GitHub and 42Crunch
Webinar July 13, 2023 With over 100 million users and 330 million repositories, GitHub has become the de facto home of software development. GitHub has become so much more than purely a Git repository hosting platform. With features such as repository forking, pull requests, and, most notably, GitHub Actions, it is now a one-stop development platform. 42Crunch is the developer-first API security platform with...
Payemoji and 42Crunch announce partnership
Dublin, Ireland - July 12, 2023 42Crunch, the automated API security testing and threat protection vendor and Payemoji's conversational commerce solution announce partnership. Introduction to Conversational commerce API security Conversational commerce has transformed the way businesses engage with their customers. Through messaging platforms, voice assistants, and chatbots, companies can now offer personalized recommendations, process transactions, provide customer support, and gather valuable insights. This level of interaction and convenience has significantly...
42Crunch Announces Next Generation of API Security Testing Services at Gartner® Security & Risk Management Summit 2023
Enhances API Security Governance and Reduces Developer Friction Gartner Security & Risk Management Summit, National Harbor, Md. June 5, 42Crunch, the API Security platform company, announced the latest set of API security testing and threat protection capabilities, designed to ensure companies build APIs that are secure by default and don’t impede the developer workflow. Companies will benefit from these latest advancements by enhancing their overall API security governance and compliance...
Why API Security Cannot Wait Until Production
Webinar May 11, 2023 Enterprise Management Associates' recent survey of technology and business leaders in North America revealed that 32% of firms admitted to only implementing API security standards in their production environment. What does this say about the state of API Security globally? Simply put, the opportunity to miss a step or control once your API is deployed into production is part of...
42Crunch and Spike Reply Join Forces to Strengthen API Security for DACH Region
Dublin, Ireland and Duesseldorf, Germany - March 28, 2023 42Crunch, the Developer-First API Security platform vendor and Spike Reply, today announced their commercial partnership to offer API security within the DACH region. Spike Reply will resell the 42Crunch API Security platform and provide implementation services to enterprises throughout the region as they strengthen their API-first strategies. Application leaders in enterprises are encountering an ever-increasing volume and variety of API attacks and need to protect their...
Build Secure APIs in VS Code with Instant API Security Testing
Webinar March 21, 2023 The DevSecOps movement has resulted in vendors providing tools for developers inside their IDEs. Many of the security tools integrated into the IDE unfortunately leave a lot to be desired - slow scanning times, noisy results, and no real added productivity value to busy developers. However, the 42Crunch VS Code API security audit integration is a complete game changer, evidenced...
Mind the Gap! How API Security Testing Tools Complement API Gateways for Enhanced API Security
“I want security, yeah Without it I had a great loss, no now Security, yeah And I want it at any cost …” (Otis Redding, 1964) Otis Redding may well have been singing about the love for another in these famous lines, but taken literally, his message will resonate with any company that has recently suffered an API breach. Sadly the number of companies impacted by API breaches is growing...
42Crunch recognized as a Microsoft Security Excellence Awards finalist for Security Software Innovator
San Francisco, CA — March 14, 2023. 42Crunch, the Developer-First API Security platform today announced it is a Security Software Innovator award finalist in the Microsoft Security Excellence Awards. The company was honored among a global field of industry leaders that demonstrated success across the security landscape during the past 12 months. Jacques Declas, CEO at 42Crunch said “As pioneers in the category, we are proud to work closely with...
Protect Your APIs with Microsoft Azure Sentinel and 42Crunch Platforms
Webinar January 31, 2023 This webinar showcases how users of the Microsoft Azure Sentinel platform via the 42Crunch platform integration can proactively protect their APIs. By leveraging 42Crunch's API security platform, Azure Sentinel users gain visibility into their API infrastructure, identify vulnerabilities, and mitigate risks. Well-designed, secure APIs are critical to mitigating the risk of attack, but it is essential to also actively monitor...
42Crunch expands Microsoft collaboration by joining MISA
42Crunch Expands Collaboration with Microsoft by Joining Microsoft Intelligent Security Association Collaboration Consolidates End-to-End API Security Experience for the Enterprise San Francisco, January 10, 2023 – 42Crunch, the Developer First API Security platform company, announced today that it has joined the Microsoft Intelligent Security Association (MISA), a group of security technology providers who have integrated their solutions with Microsoft’s security technology products to better defend against a world of increasing threats....
Why 42Crunch’s MISA Certification is Important for API Security
Today I’m proud to announce that 42Crunch is the first API Security platform vendor to join the Microsoft Intelligent Security Association. This accreditation has been achieved as a result of our integration with Microsoft Azure Sentinel, the cloud-native security information and event management (SIEM) platform. APIs are a key target for malicious actors, and the integration of the 42Crunch platform with Azure Sentinel will significantly reduce the risk of API-related...
Review of the Major API Breaches from H2 2022
Webinar Dec 13th, 2022 | 8am PST | 4pm GMT Colin Domoney reviews some of the major API breaches that occurred in the second half of this year. In this practical webinar he outlines the API vulnerabilities that were compromised during the attacks and shows how to protect against them. Why Attend? Gain an understanding of how the API vulnerabilities occurred and the resulting...
APImetrics and 42Crunch Collaborate to Close the Loop on API Governance and Compliance
42Crunch and APImetrics offer best-of-breed API security enforcement and API performance and SLA validation. November 22, 2022, Seattle, WA APImetrics and 42Crunch are collaborating to offer a holistic view across the API lifecycle and dive deep into the API runtime, providing unparalleled observability of the real-world behavior and security of API products. Companies can verify that the critical security API properties are enforced and operate as designed and specified...
42Crunch becomes a member of OWASP to Advance API Security
November 14, 2022, San Francisco, CA - 42Crunch is pleased to announce our corporate membership of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software. At 42Crunch we have always been inspired by OWASP’s role as an enabler of the global security professional community. Our membership allows us to support OWASP projects while also allowing us to help shape the...
42Crunch Now Available On Microsoft Azure Marketplace.
Developer-First API Security to Help Enterprises Achieve End-to-End Protection of their Digital Initiatives 42Crunch is at API World in San Jose this week, the annual gathering of the API industry. I find it a wonderful event where end-users, vendors, consultants and analysts meet to explore and learn about the benefits gained from implementing an API-first approach to improve their businesses. APIs have been the bedrock of the digital transformation...
Defending APIs with Jim Manico
WEBINAR November 10, 2022 | 9am PST | 5pm BST Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs. Episode 1: Request Forgery on the Web - CSRF & SSRF In this first episode Jim and Colin will discuss request forgery and how to prevent it. This technical talk is intended for...
Hacking APIs for Fun & Profit
Webinar October 6, 2022 | 8am PST | 4pm BST To become an effective builder of secure APIs it is important to understand how your API is going to be attacked. By far the best way to learn more about the attack vectors, techniques, and skills is to listen to the real world stories from leading pen testers as they reveal their discovery and...
42Crunch Strengthens Shift-Left for API Security with API Scan from Inside IDE
500,000 API Developers secure APIs as they develop from inside their favorite IDEs 19 September, 2022 – San Francisco, API Specifications Conference (ASC) – 42Crunch, the Developer First API Security platform company, announced today at ASC the availability of the platform’s API Scan service inside the leading IDEs for developers. With over 500,000 developers already using 42Crunch, this latest addition to the platform means enterprises can further strengthen their shifting...
Review of the Major API Breaches from H1 2022 – Episode 2
Two-Part Webinar Series May 4th, 2022 | 8am PST | 4pm BST This is a two-part webinar series on the global API breaches from H1 2022 that made the news. The first episode described the breaches at a high level and this, the second, describes how to defend against them. Episode 2: How to defend against the API security breaches covered in Episode 1...
Benefits of a Positive Security Model for APIs
WEBINAR August 2, 2022 | 10:00 CDT | 16:00 BST Positive Security is a model that enables access to known trusted resources rather than trying to determine what activity or entities have hostile intent. Applying a positive security model when protecting your APIs can offer direct benefits such as reduction in false negatives, lower reliance on constantly adding characteristics of hostile traffic, and others....
REST API Risk Audit – Online Demo
Webinar May 4th, 2022 | 8am PST | 4pm BST In this session, 42Crunch technical expert, Andy Wright, walks through how to perform a Security Audit and a Conformance Scan of your API Contract. He immediately builds a security report and calculates an audit score for each API he analyzes based on the OpenAPI annotations in the API definition. This audit score reflects the...
Empathy for the API Developer
Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help foster greater collaboration. “..Security teams have always been perceived as an impediment to delivery by software teams who feel that security imposes...
Review of the Major API Breaches from H1 2022 – Episode 1
Two-Part Webinar Series May 4th, 2022 | 8am PST | 4pm BST This is a two-part webinar series on the global API breaches from H1 2022 that made the news. This first session describes the breaches at a high level and the second episode describes how to defend against them. Episode 1: High profile API security breaches and how the vulnerability occurred As APIs...
42Crunch Reaches 450,000 Developers as Shift-Left & Shield-Right Approach For API Security Prevails
JUNE 7, 2022 – National Harbor, Maryland. Today at the Gartner Security & Risk Management Summit, 42Crunch, the Developer-First API Security Platform vendor, announced that it has over 450,000 developers now using its API Security tools. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside the market leading Integrated Development Environments (IDE), Visual Studio, Intellij and Eclipse. This shift-left approach benefits enterprises by enabling developers...
An Introduction to API Security
Isabelle Mauny from 42Crunch takes a high level look at the different problems facing APIs today and gives some recommendations in her article on APIscene.io The idea of this article is to serve as an introduction to API security. We’ll look from a high-level view at all the different problems that are stacking up around APIs right now and give you some highlights of recommendations. It will be no surprise...
When Shift-Left is more than a marketing campaign
Earlier this month I had the chance to join my new colleagues from 42Crunch at our all-hands in Ireland and I couldn’t be more excited that there’s something special that we’re building here. Setting aside that Cork and Kinsale are some of the prettiest places I’ve ever visited, I was able to see how passionate the 42Crunch team is about an approach that’s new to me as someone who’s been...
Your company has no alternative: protecting APIs the right way becomes an obligation
The big scare A friend told me about an interesting episode: he received a phone call from someone claiming to be a level-eight channel of his bank, confirming details such as his address, his mother's and father's names, spouse, children, etc., saying that there were suspicious transactions, that his account had been broken into and that he needed to urgently call the bank's call center and follow the steps to change his password, and the person from...
Actively Monitor and Defend Your APIs with 42Crunch and the Azure Sentinel Platform
Webinar May 4th, 2022 | 8am PST | 4pm BST In this webinar 42Crunch and CyberProof demonstrate how to proactively integrate API access logs into the Microsoft Azure Sentinel platform and actively defend APIs with the 42Crunch API Micro-Firewall. APIs are increasingly the number one attack vector for adversaries due to their growing abundance and ease of attack via automated scripts and tools. Most...
Lessons learned from the Spring4Shell vulnerability
Recently we published an article on the log4shell vulnerability targeting log4j, in which we explained how APIs can be protected against injection attacks with a positive security model, and how 42Crunch easily enables such a model. Now, it’s time for the Spring4Shell (CVE-2022-22965) vulnerability, targeting the Spring framework, commonly used to build APIs. What can we learn from this vulnerability? Diving into Spring4Shell The Spring team has published an article...
OWASP API Security TOP 10 Challenges – Episode 3
THREE-PART WEBINAR SERIES May 4th, 2022 | 8am PST | 4pm BST In this 3-part webinar series Dr. Philippe De Ryck, Web Security Expert with Pragmatic Web Security and Colin Domoney of 42Crunch and APISecurity.io, take a deep dive into understanding and addressing the OWASP API Security Top 10 issues. Through detailed practical examples and use cases, they guide developers and security professionals through...
OWASP API Security Top 10: Understanding the Threats Targeting APIs
Webinar May 4th, 2022 | 8am PST | 4pm BST Webinar recording This webinar, dedicated to API security, covers the threats listed in the OWASP API Security Top 10. You will see a detailed explanation of each threat, how it can be exploited, examples of successful attacks and how 42Crunch technology makes it possible to protect against them. In recent years, many companies such as Facebook, Google or...
How to Extend Protection of your Data from API to Mobile Application
Webinar May 4th, 2022 | 8am PST | 4pm BST This webinar presents the new integration of 42Crunch with comprehensive mobile app protection from Approov. A joint solution that delivers shift-left API protection as well as run-time shielding that extends all the way to your mobile apps and the environments they run in. APIs are a mobile app developer's best friend as they help reduce development time and save costs,...
Why Developer-First API Security is Prevailing in Enterprise
Why Developer-First API Security is Prevailing in Enterprise. The DevSecOps movement has led to a distinct “shift-left” in the enterprise where tasks are moved earlier in the development cycle so that developers can directly address production concerns as the code is being written. Companies are realizing greater business benefits from this shift-left approach, with accelerated application delivery times and the dismantling of a siloed approach to the software development lifecycle...
OWASP API Security TOP 10 Challenges – Episode 2
THREE-PART WEBINAR SERIES May 4th, 2022 | 8am PST | 4pm BST Watch the Webinar Browse the Deck In this first episode in the webinar series, Dr Philippe de Ryck and Colin Domoney discuss API security today and the challenges presented by the OWASP API security top 10. Questions from attendees were addressed throughout the webinar. Episode 2: Address the OWASP API Authentication and Authorization Challenges In this second episode...
How Developers Can Become API Security Champions
Question: Everyone is talking about DevSecOps, why are we not able to fix the security issues? Despite the obvious challenges, Colin believes that the industry has made progress as compared to ten years ago when very insecure code was prevalent. Today's code is definitely more secure and security is improving — thankfully most developers are at least now aware of what an SQL injection attack is. Philippe also thinks things...
Why Do APIs Merit a Separate OWASP Top 10 Listing?
Throughout the 3 part webinar series "API Security Landscape Today and the OWASP API Security Top 10 Challenges" we will publish blog posts that highlight some of the main talking points addressed by the speakers. In this post, Philippe and Colin explore the differences between APIs and web apps that necessitated the creation of a dedicated OWASP API Security Top 10 and how developers can play an active role alongside their...
Protecting your APIs against Log4Shell with 42Crunch
On December 9th, 2021, the log4shell vulnerability hit the news and it has since been every security team's worst nightmare: trivially exploitable, huge impact with RCE (Remote Code Execution), on a component widely used across traditional enterprise technological stacks, both in in-house and third-party software. All this combined explains its CVSS rating of 10 – the highest possible. It is probably one of the worst flaws I have witnessed in...
OWASP API Security TOP 10 Challenges – Episode 1
THREE-PART WEBINAR SERIES May 4th, 2022 | 8am PST | 4pm BST Watch the Webinar Browse the Deck In this 3-part webinar series Dr. Philippe De Ryck, Web Security Expert with Pragmatic Web Security and Colin Domoney of 42Crunch and APISecurity.io, take a deep dive into understanding and addressing the OWASP API Security Top 10 issues. Through detailed practical examples and use cases, they guide developers and security professionals through...
7 Ways to Avoid JWT Security Pitfalls
Dec 22nd 2021. Author: Dr. Philippe de Ryck, Pragmatic Web Security. Like them or hate them, JSON Web Tokens (JWT) are everywhere. OAuth 2.0 and OpenID Connect rely heavily on JWTs. Many applications use JWTs to implement custom security mechanisms. And every language or framework offers plenty of support for JWTs. Unfortunately, JWTs also lie at the heart of numerous API security failures. Handling JWTs securely is often challenging and...
Automate your API security with Security as Code
Webinar Traditionally developers like to focus on the data and functionality of their APIs while the security team is concerned with the enforcement of API security controls and policies. This siloed approach has led to inefficiencies and bottlenecks in the DevSecOps cycle that are delaying the release of APIs and creating cost overruns. In this webinar we look at how organizations can overcome this challenge by adopting a "security...
Effective Protection for Your APIs and Microservices
Webinar May 4th, 2022 | 8am PST | 4pm BST Your APIs are at risk, period! Many organizations have the epiphany that having traditional components such as a WAF and the traditional capabilities of API gateways is enough to keep them protected, but they are not. In this webinar, we will present the 42Crunch platform, which can work together with your existing tools, in your DevSecOps pipeline. What for...
Designing Secure APIs Using the 42Crunch Platform with Postman
Webinar May 4th, 2022 | 8am PST | 4pm BST Designing secure APIs using the 42Crunch platform with Postman This on-demand webinar details how to combine the best of 42Crunch and Postman to: Carry out API development, mocking and testing tasks Take advantage of 42Crunch resources to run the security audit easily from the Postman UI Automate the 42Crunch tools in CI/CD in time...
Why Continuous API Security is key to protecting your Digital Business
Webinar May 4th, 2022 | 8am PST | 4pm BST Join these experts as they discuss the benefits of an integrated, continuous, and proactive approach to API security that combines proactive application security measures with continuous activity monitoring, API-specific threat analysis, and runtime policy enforcement. Alexei Balaganski explains how the security and compliance risks that APIs are exposed to are shaping the future of API security solutions and provides an...
Why Continuous API Security is key to protecting your Digital Business – Show Webinar
Webinar May 4th, 2022 | 8am PST | 4pm BST Join these experts as they discuss the benefits of an integrated, continuous, and proactive approach to API security that combines proactive application security measures with continuous activity monitoring, API-specific threat analysis, and runtime policy enforcement. Alexei Balaganski explains how the security and compliance risks that APIs are exposed to are shaping the future of API security solutions and provides an...
42Crunch and Cisco Collaborate to Drive API Security Forward and to Increase Cloud Protection
October 11, San Francisco, CA – Today at KubeCon, 42Crunch, the Developer-First API security platform company, announced their collaboration with Cisco to provide the developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection. APIs are increasingly a favorite target for hackers seeking to compromise cloud environments with malware such as cryptojacking and ransomware. 42Crunch and Cisco are addressing these threats by...
42Crunch Accelerates API Security with Two Key Executive Appointments
Industry Veterans Stephen Gomann and Hugh Carroll Tapped to Support API Leader’s Rapid Growth San Francisco, CA – October 5, 2021 – 42Crunch, the Developer-First API Security platform vendor, today announced two key senior additions to its growing global team. Stephen Gomann has been appointed as Chief Revenue Officer (CRO) to lead the company's sales organization, overseeing global sales and business...
Application Security Tools Are Not up to the Job of API Security
The last two decades have seen a proliferation of software (according to GitHub there has been a 35% increase in code repositories in 2020 alone) into every aspect of our lives in the form of web or mobile applications. Adversaries have increasingly attacked these applications, and defenders have adopted various testing tools and technologies to protect them. Today most enterprises have in place an Application Security (AppSec) program to manage...
42Crunch Named as a Leader in KuppingerCole Leadership Compass Report for API Management and Security Solutions
Ranked as a Leader in Overall Leadership, Product Leadership, and Innovation Leadership Categories San Francisco, CA – August 31, 2021 – 42Crunch, the Developer-First API Security platform vendor, announced it has been named as a leader in KuppingerCole’s Leadership Compass report for API Management and Security including, overall leadership, product leadership and innovation leadership. The report also awarded 42Crunch’s solution “Strong Positive” and “Positive” ratings across the areas of...
42Crunch and Postman See Growth of Shift-Left Adoption for API Security by Enterprise
42Crunch poll reveals that a third of developers are now implementing security testing at the start of the API design lifecycle. 33% of developers implementing security after the coding stage. 34% of developers implement security either before or after production deployment. San Francisco, CA - June 24, 2021 - 42Crunch, the API Security platform vendor, has announced an integration of its API security services with Postman, the API collaboration platform...
How to test API security throughout the API lifecycle with Postman and 42Crunch
Postman, the API collaboration platform for developers, advocates an API-First approach for companies. Using 42Crunch, API developers and application security teams can now implement API security design and testing as part of their API-First approach in Postman. Kin Lane, chief Evangelist with Postman recently joined Isabelle Mauny, Field CTO at 42Crunch for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs. Watch...
42Crunch API Security Platform June 2021 Release
Our June 2021 update just went live, and I am here to tell you the details. Executive Dashboards The most noticeable change in the user interface is the new organization-level executive dashboard. It allows organization administrators to get a quick glance at the corporate use of 42Crunch API Security and the trends across Security Audit, Conformance Scan, and Protection: You may choose the time period for the trends and use...
Integrating 42Crunch API Contract Security Testing within Postman
Webinar May 4th, 2022 | 8am PST | 4pm BST Kin Lane, chief Evangelist with Postman recently joined Isabelle Mauny, Field CTO at 42Crunch for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs. 42Crunch complements Postman by providing additional capabilities to audit OpenAPI definitions, and discovering potential flaws in the security design of the APIs and data flows. Listen to this on-demand...
42Crunch raises $17m in Series A to solve global API security threat
London, UK – 42Crunch, the API security leader, today announces that it has secured $17 million in a Series A investment led by Energy Impact Partners, a leading global investment firm, joined by Adara Ventures. 42Crunch is the creator of the world’s first Application Programming Interface (API) micro-firewall and a pioneer in protecting APIs against attacks listed in the OWASP Top 10 for API Security. As stated in the Gartner...
42Crunch API Security Platform May 2021 Release
Our May 2021 update just went live, and I am here to tell you the details. Updated CI/CD plugins and repository data in the platform 42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines. These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or fail depending on the audit results. We have released new major versions of these plugins:...
Creating High Quality OAS Definitions with .Net Core
This document highlights how code annotations can be used to enhance the quality and the security posture for customers using .Net Core. 42Crunch security recommendations help enterprises discover and remediate vulnerabilities much more quickly (up to 25X more quickly) while saving 90% of manual costs (whether through internal efforts or external pen-testing). Using the Available Native Support from .Net In order to produce OAS files when developing with .NET core...
Creating High Quality OAS Definitions with Springfox – Part 2: Data Validation
In the first part of this blog, we had covered the security aspects of Spring Boot Microservices and how to inject them into your code level to generate higher quality OAS (Swagger) files. In this second part, we will cover aspects regarding attributes, operations, and data. Data Validation for Secure APIs You must be aware that according to the way you have declared the parameters, response headers, definitions, and schemas...
42Crunch API Security Platform April 2021 Release
We have just updated our API Security platform, and I want to tell you all about it. 100+ New Security Audit Checks Security Audit checks related to authentication just had a major revamp. Now instead of generic articles on insecure authentication methods, we provide specific information for each case, including: API Key passed as a query parameter API Key passed in a header API Key in a cookie Basic authentication...
Dissecting the Biggest API Breaches from Q1 2021
Webinar May 4th, 2022 | 8am PST | 4pm BST API Security can be hard and confusing, but learning from someone else's mistakes is the best way to learn! In this webinar, we will look at some of the prominent API vulnerabilities of the first 3 months of 2021: In this session we'll discuss: The story behind the attack or vulnerability Potential or actual business impact What went wrong OWASP...
Strengthening Your API Security Posture – Ford Motor Company
LOSING MY RELIGION: Successful and unsuccessful approaches to API Security in a global enterprise - A take on Ford Motor Company's approach to API security and the journey to enforce security compliance while ensuring productivity of thousands of developers managing thousands of APIs. The Cybersecurity Snowball Effect With development Communities and product teams, there are many things that have come together – everything from new developers, the introduction of open...
42Crunch API Security Platform March 2021 Release
Today we are happy to announce the global availability of the latest version of the 42Crunch API Security Platform. We have updated our community deployment used by thousands of API developers worldwide, our IDE plugins, online tools, and deployments used by our enterprise customers. Below is a summary of the biggest new features and improvements. Complex OpenAPI Security Audit 42Crunch Security Audit is the foundation of API security. It is...
API Security for Global Enterprises – Successful and unsuccessful approaches to API Security
Webinar May 4th, 2022 | 8am PST | 4pm BST Join 42Crunch and special guest speaker Darren Shelcusky, Manager of Vehicle & Connectivity Cybersecurity at Ford Motor Company, as he takes us through their approach to API security and journey to enforce security compliance while ensuring productivity of their hundreds of developers managing thousands of APIs. We're here to help you understand how to prevent an API dumpster fire! Empathize...
Creating High Quality OAS Definitions with Springfox – Part 1: Security Definitions
Spring Boot is a popular framework to build applications and APIs. Leveraging the Springfox project and code annotations, developers can generate OAS files with a high 42Crunch Security Audit score. What is the 42Crunch Security Audit? The 42Crunch Security Audit is one of 3 services from the 42Crunch API Security Platform: it consumes OpenAPI (Swagger) files and analyzes them along two axes: security and data. At the security level, the...
API Security in a Kubernetes World
Webinar May 4th, 2022 | 8am PST | 4pm BST Securing APIs deployed in Kubernetes implies securing the infrastructure, but also the APIs themselves. Having a perfectly setup cluster, with all possible protections in place, is only ONE aspect of the measures you need to take to prevent the vulnerabilities listed in the OWASP API Security Top 10. Other issues such as data leakage, mass assignment or broken authentication must...
42Crunch Announces Record Growth and API Security Leadership in 2020
IRVINE, CA, FEBRUARY 10, 2021 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced record 900% growth in 2020 led by key enterprise accounts, innovative product advancements, and the growing community of APIsecurity.io — the number one API security news source. Enterprise digitalization, as well as the transition to cloud-native architectures, microservices, and serverless functions, has led to the proliferation of APIs. Constantly changing and network-accessible, they...
42Crunch Publishes New OpenAPI Security Audit Plugins for Eclipse, IntelliJ, PyCharm
IRVINE, CA, DECEMBER 15, 2020 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the release of new IDE OpenAPI (Swagger) editing plugins for both Eclipse and JetBrains family of IDEs including IntelliJ and PyCharm. 42Crunch’s free OpenAPI security audit plugins simplify REST API development by delivering features such as OpenAPI navigation, code snippets, intellisense, and HTML preview. More importantly, the plugins help developers...
Questions Answered: How to Best Leverage JWTs or API Security
You had questions, and we've got answers! Thank you for all the questions submitted on our webinar: "How to Best Leverage JWTs or API Security" We were unable to get to your questions, so below are all the answers to the questions that were asked! If you'd like more information please feel free to contact us. On slide 26 is the HS256 or RSA key used by the attacker...
How to Best Leverage JWTs for API Security
Webinar May 4th, 2022 | 8am PST | 4pm BST JSON Web tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT standards are quite complex and it's very easy to get the implementation wrong. As a result, data breaches and API vulnerabilities due to poor JWT implementation, token leakage, and lack of proper validation remain widespread. This webinar focuses on...
OWASP API Security Top 10 Webinar Series (Part 2)
Webinar May 4th, 2022 | 8am PST | 4pm BST By now, you should know that APIs are special and deserve their own OWASP Top 10 list, but do you know how these common attacks happen and why? In this practical webinar, we review the OWASP API Security Top 10 issues one-by-one and show you how to protect yourself from them across the entire API lifecycle. For each entry, we...
Why knowing is better than guessing for API Threat Protection
Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom make them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs) have dominated the Application Security market. Such products became a must if you wanted to achieve...
OWASP API Security Top 10 Webinar Series (Part 1)
Webinar May 4th, 2022 | 8am PST | 4pm BST By now, you should know that APIs are special and deserve their own OWASP Top 10 list, but do you know how these common attacks happen and why? In this pragmatic webinar, we review the OWASP API Security Top 10 issues one-by-one and show you how to protect yourself from them across the entire API lifecycle. For each entry, we...
VS Code OpenAPI (Swagger) Editor Surpasses 100k Installs!
Our OpenAPI (Swagger) Editor for VS Code has reached over 100,000 installs! A year ago we released our VS Code OpenAPI (Swagger) Editor with the idea of making developers' lives EASIER when it came to editing security in their OpenAPI / Swagger files. This month we surpassed 100k installs and wanted to say THANK YOU!! How it works... Developers working on their APIs within 42Crunch’s...