Resources
A full list of Blogs, Webinars, Press Releases, News ...

How to Protect your APIs from Broken Authentication and Unrestricted Resource Consumption

In a follow-up to our recent blogpost which explored the OWASP API Authorization risks, this week we share highlights of our webinar which featured Philippe De Ryck and Isabelle Mauny talking about the Authentication challenges encountered when protecting your APIs.  They explored just how potentially dangerous the combination of the two OWASP API Top 10 categories of Broken Authentication and Unrestricted Resource Consumption can be when an API endpoint is...

How to Protect APIs from OWASP Authorization Risks: BOLA, BOPLA & BFLA

The OWASP API Top Risks listing identifies three different Authorization challenges. Coding issues relating to Authorization configuration failures continue to present a significant challenge for development and security teams building and protecting APIs. Just read any issue of our fortnightly APIsecurity.io newsletter and you’ll discover that Authorization-based breaches are at the root of a large percentage of the high-profile attacks. Authorization, in its various flavors, presents challenges because any misconfigurations...

Top Things You Need to Know About API Security

Webinar February 6, 2024 The flipside of the exponential adoption of APIs over the past decade has been the upsurge in the sheer volume of API attacks. Stories of API security breaches are everywhere which shines a harsh spotlight on the ease of API abuse and the complexities of robust API security. Join this webinar as two...

How 42Crunch and Microsoft are Solving the API Security Challenge

42Crunch and Microsoft have partnered to provide continuous protection for APIs. Recently 42Crunch and Microsoft announced a partnership to address the number one security issue challenging organizations today, namely the large and growing attack surface represented by APIs. Application security practitioners have come to realize that application security tooling like SAST/DAST and Web Application Firewalls (WAFs) are not optimized to protect against the unique and varied threats posed by APIs....

Automatic Generation of OpenAPI contracts with API Capture

Tutorials Automate the manual task of creating OpenAPI contracts with API Capture. API Capture uses multiple sources such as Postman collections and API traffic to create OpenAPI definition files. API Capture is also available on the 42Crunch API Security Platform. Introduction to API Capture An introduction to API Capture and an overview of the main elements including the Dashboard, QuickGen, Buckets, Secrets and the OpenAPI Generator. How to use QuickGen...

API Security Testing in GitHub Actions

Tutorials In this tutorial you'll learn how to use API Audit and API Scan to run API security testing from GitHub Actions. In addition you will see how the results of the security tests are uploaded to GitHub Code Scanning. These tests can be run by paid subscribers or with limited usage by freemium users

API Security & Conformance Scan using OpenAPI Swagger Editor Extension in VS Code

Tutorials A dynamic security scan of your API to check for conformance against the API design (OpenAPI contract) and security vulnerabilities. The tutorial videos below are for OpenAPI Editor in Microsoft Visual Studio Code (VS Code). API Scan is also available on the 42Crunch Platform and in GitHub Actions CI/CD. Activate API Scan CLI You can run the dynamic API Scan security test locally on your machine without having to...

Analyst Report: Review of Partnership Between 42Crunch and Microsoft

This analyst report prepared by Dr. Edward Amoroso, CEO of Tag Infosphere Inc, offers a review of the recently announced partnership between cybersecurity vendor 42Crunch and Microsoft. Introduction The recently announced partnership between 42Crunch and Microsoft, integrating 42Crunch’s API security solutions with Microsoft Defender for Cloud, marks a significant advancement in the field of API security. This collaboration aims to provide a comprehensive solution for the entire...

42Crunch And Microsoft’s Defender for Cloud Partner to Deliver End-to-End API Security

42Crunch and Microsoft integrate services to help enterprises adopt a full-lifecycle approach to API security San Francisco, CA, November 15, 2023   - Today 42Crunch, the API DevSecOps platform, announced the integration of 42Crunch’s API security audit and vulnerability testing solution with Microsoft Defender for Cloud to provide Microsoft customers continuous API protection from design to runtime. Cloud applications are increasingly API-centric, with APIs at the core of data exchange....

42Crunch Launches Automated API Contract Generation to Improve Governance & Speed Development

API World, Santa Clara, CA - October 24, 2023 - 42Crunch, the API Security platform vendor, today launched API Capture to automate the generation of OpenAPI contracts and API security testing configurations from Postman collections and API traffic. API Capture benefits enterprises by enabling their development teams to adopt best practice API security governance policies from the earliest stages in the API lifecycle at design time. This delivers improved compliance controls...

42Crunch Reaches 1 Million Developers on API Security Platform

October 24, 2023 – Santa Clara, CA. Today at API World, 42Crunch, the API Security Platform vendor, announced that it now has 1 million developers leveraging its API security tools to secure their APIs. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside their preferred Integrated Development Environments (IDE), such as Visual Studio, IntelliJ and Eclipse. This approach benefits enterprises by enabling their developers...

How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout

This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. Shift Left for Greater Compliance In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier into the development lifecycle makes for longer-lived and more resilient software. Shannon points out that with security requirements represented earlier in the software development process, it effectively makes enforcement...

3 Steps to Successful API Security Compliance

CISOs and application security teams are faced with the challenge of enforcing API security compliance without delaying the development lifecycle or the delivery of new services. Often thought of as a bottleneck to rapid API delivery, there is now a wide acceptance of the key role security must play at all stages of the development lifecycle to ensure that APIs are compliant with security policies before, during and after deployment....

Why most API Security solutions have not delivered on the hype

Discovering your APIs does not secure your APIs Over the past few months, we’ve heard countless variations of the following from customers and prospects - “We brought a vendor in last year that told us they could discover all of our rogue APIs, tell us where our sensitive data was flowing, and find where and how our APIs are being attacked. We're now 10 months in and we've deployed across...

The OWASP API Security Top 10 Has Been Updated – How Are Companies Reacting?

The OWASP API Security Project released an updated version of the OWASP Top 10 for APIs last month. In the intervening years since the first edition was published in 2019 API security has risen to become arguably the most pressing area of focus for CISOs and Heads of Application Security today. Certainly, at 42Crunch we have seen increased customer demand across all industry verticals and indeed the rate of uptake...

Something Old, Something New – OWASP API Security Top 10 in 2023

Webinar August 1, 2023 | 9am PDT | 5pm BST The OWASP API Security project has recently updated its Top 10 list of vulnerabilities that are commonly found in APIs. This list includes both well-known issues and new ones that are currently affecting APIs in the real world. It is crucial for those involved in the API industry to stay informed about these top...

Mastering Secure API Development with GitHub and 42Crunch

Webinar July 13, 2023 With over 100 million users and 330 million repositories, GitHub has become the de facto home of software development. GitHub has become so much more than purely a Git repository hosting platform. With features such as repository forking, pull requests, and, most notably, GitHub Actions, it is now a one-stop development platform. 42Crunch is the developer-first API security platform with...

Payemoji and 42Crunch announce partnership

Dublin, Ireland - July 12, 2023 42Crunch, the automated API security testing and threat protection vendor and Payemoji's conversational commerce solution announce partnership. Introduction to Conversational commerce API security Conversational commerce has transformed the way businesses engage with their customers. Through messaging platforms, voice assistants, and chatbots, companies can now offer personalized recommendations, process transactions, provide customer support, and gather valuable insights. This level of interaction and convenience has significantly...

42Crunch Announces Next Generation of API Security Testing Services at Gartner® Security & Risk Management Summit 2023

Enhances API Security Governance and Reduces Developer Friction Gartner Security & Risk Management Summit, National Harbor, Md. June 5, 42Crunch, the API Security platform company, announced the latest set of API security testing and threat protection capabilities, designed to ensure companies build APIs that are secure by default and don’t impede the developer workflow. Companies will benefit from these latest advancements by enhancing their overall API security governance and compliance...

Why API Security Cannot Wait Until Production

Webinar May 11, 2023 Enterprise Management Associates' recent survey of technology and business leaders in North America revealed that 32% of firms admitted to only implementing API security standards in their production environment. What does this say about the state of API Security globally? Simply put, the opportunity to miss a step or control once your API is deployed into production is part of...

42Crunch and Spike Reply Join Forces to Strengthen API Security for DACH Region

Dublin, Ireland and Duesseldorf, Germany - March 28, 2023 42Crunch, the Developer-First API Security platform vendor and Spike Reply, today announced their commercial partnership to offer API security within the DACH region. Spike Reply will resell the 42Crunch API Security platform and provide implementation services to enterprises throughout the region as they strengthen their API-first strategies. Application leaders in enterprises are encountering an ever-increasing volume and variety of API attacks and need to protect their...

Build Secure APIs in VS Code with Instant API Security Testing

Webinar March 21, 2023 The DevSecOps movement has resulted in vendors providing tools for developers inside their IDEs. Many of the security tools integrated into the IDE unfortunately leave a lot to be desired: slow scanning times, noisy results, and no real added productivity value to busy developers. However, the 42Crunch VS Code API security audit integration is a complete game changer, evidenced...

Mind the Gap! How API Security Testing Tools Complement API Gateways for Enhanced API Security

“I want security, yeah Without it I had a great loss, no now Security, yeah And I want it at any cost …” (Otis Redding, 1964) Otis Redding may well have been singing about the love for another in these famous lines, but taken literally, his message will resonate with any company that has recently suffered an API breach. Sadly the number of companies impacted by API breaches is growing...

42Crunch recognized as a Microsoft Security Excellence Awards finalist for Security Software Innovator

San Francisco, CA — March 14, 2023.  42Crunch, the Developer-First API Security platform today announced it is a Security Software Innovator award finalist in the Microsoft Security Excellence Awards. The company was honored among a global field of industry leaders that demonstrated success across the security landscape during the past 12 months. Jacques Declas, CEO at 42Crunch said “As pioneers in the category, we are proud to work closely with...

Protect Your APIs with Microsoft Azure Sentinel and 42Crunch Platforms

Webinar January 31, 2023 This webinar showcases how users of the Microsoft Azure Sentinel platform via the 42Crunch platform integration can proactively protect their APIs. By leveraging 42Crunch's API security platform, Azure Sentinel users gain visibility into their API infrastructure, identify vulnerabilities, and mitigate risks. Well-designed, secure APIs are critical to mitigating the risk of attack, but it is essential to also actively monitor...

42Crunch expands Microsoft collaboration by joining MISA

42Crunch Expands Collaboration with Microsoft by Joining Microsoft Intelligent Security Association Collaboration Consolidates End-to-End API Security Experience for the Enterprise San Francisco, January 10, 2023 – 42Crunch, the Developer First API Security platform company, announced today that it has joined the Microsoft Intelligent Security Association (MISA), a group of security technology providers who have integrated their solutions with Microsoft’s security technology products to better defend against a world of increasing threats....

Why 42Crunch’s MISA Certification is Important for API Security

Today I’m proud to announce that 42Crunch is the first API Security platform vendor to join the Microsoft Intelligent Security Association. This accreditation has been achieved as a result of our integration with Microsoft Azure Sentinel, the cloud-native security information and event management (SIEM) platform. APIs are a key target for malicious actors, and the integration of the 42Crunch platform with Azure Sentinel will significantly reduce the risk of API-related...

Review of the Major API Breaches from H2 2022

Webinar Dec 13th, 2022 | 8am PST | 4pm GMT Colin Domoney reviews some of the major API breaches that occurred in the second half of this year. In this practical webinar he outlines the API vulnerabilities that were compromised during the attacks and shows how to protect against them. Why Attend? Gain an understanding of how the API vulnerabilities occurred and the resulting...

APImetrics and 42Crunch Collaborate to Close the Loop on API Governance and Compliance

42Crunch and APImetrics offer best-of-breed API security enforcement and API performance and SLA validation.   November 22, 2022, Seattle, WA APImetrics and 42Crunch are collaborating to offer a holistic view across the API lifecycle and dive deep into the API runtime, providing unparalleled observability of the real-world behavior and security of API products. Companies can verify that the critical security API properties are enforced and operate as designed and specified...

42Crunch becomes a member of OWASP to Advance API Security 

November 14, 2022, San Francisco, CA -  42Crunch is pleased to announce our corporate membership of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software. At 42Crunch we have always been inspired by OWASP’s role as an enabler of the  global security professional community. Our membership allows us to support OWASP projects while also allowing us to help shape the...

42Crunch Now Available On Microsoft Azure Marketplace.

Developer-First API Security to Help Enterprises Achieve End-to-End Protection of their Digital Initiatives   42Crunch is at API World in San Jose this week, the annual gathering of the API industry. I find it a wonderful event where end-users, vendors, consultants and analysts meet to explore and learn about the benefits gained from implementing an API-first approach to improve their businesses. APIs have been the bedrock of the digital transformation...

Defending APIs with Jim Manico

WEBINAR November 10, 2022 | 9am PST | 5pm BST Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs. Episode 1: Request Forgery on the Web - CSRF & SSRF In this first episode Jim and Colin will discuss request forgery and how to prevent it. This technical talk is intended for...

Hacking APIs for Fun & Profit

Webinar October 6, 2022 | 8am PST | 4pm BST To become an effective builder of secure APIs it is important to understand how your API is going to be attacked. By far the best way to learn more about the attack vectors, techniques, and skills is to listen to the real world stories from leading pen testers as they reveal their discovery and...

42Crunch Strengthens Shift-Left for API Security with API Scan from Inside IDE

500,000 API Developers secure APIs as they develop from inside their favorite IDEs 19 September, 2022 – San Francisco, API Specifications Conference (ASC) – 42Crunch, the Developer First API Security platform company, announced today at ASC the availability of the platform’s API Scan service inside the leading IDEs for developers. With over 500,000 developers already using 42Crunch, this latest addition to the platform means enterprises can further strengthen their shifting...

Review of the Major API Breaches from H1 2022 – Episode 2

Two-Part Webinar Series May 4th, 2022 | 8am PST | 4pm BST This is a two-part webinar series on the global API breaches from H1 2022 that made the news. The first episode described the breaches at a high level and this, the second, describes how to defend against them. Episode 2: How to defend against the API security breaches covered in Episode 1...

Benefits of a Positive Security Model for APIs

WEBINAR August 2, 2022 | 10:00 CDT | 16:00 BST Positive Security is a model that enables access to known trusted resources rather than trying to determine what activity or entities have hostile intent. Applying a positive security model when protecting your APIs can offer direct benefits such as reduction in false negatives, lower reliance on constantly adding characteristics of hostile traffic, and others....

REST API Risk Audit – Online Demo

Webinar May 4th, 2022 | 8am PST | 4pm BST In this session, 42Crunch technical expert, Andy Wright, walks through how to perform a Security Audit and a Conformance Scan of your API Contract. He immediately builds a security report and calculates an audit score for each API he analyzes based on the OpenAPI annotations in the API definition. This audit score reflects the...

Empathy for the API Developer

Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help foster greater collaboration. “..Security teams have always been perceived as an impediment to delivery by software teams who feel that security imposes...

Review of the Major API Breaches from H1 2022 – Episode 1

Two-Part Webinar Series May 4th, 2022 | 8am PST | 4pm BST This is a two-part webinar series on the global API breaches from H1 2022 that made the news. This first session describes the breaches at a high level and the second episode describes how to defend against them. Episode 1: High profile API security breaches and how the vulnerability occurred As APIs...

42Crunch Reaches 450,000 Developers as Shift-Left & Shield-Right Approach For API Security Prevails

JUNE 7, 2022 – National Harbor, Maryland. Today at the Gartner Security & Risk Management Summit, 42Crunch, the Developer-First API Security Platform vendor, announced that it has over 450,000 developers now using its API Security tools. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside the market leading Integrated Development Environments (IDE), Visual Studio, IntelliJ and Eclipse. This shift-left approach benefits enterprises by enabling developers...

An Introduction to API Security

Isabelle Mauny from 42Crunch takes a high level look at the different problems facing APIs today and gives some recommendations in her article on APIscene.io The idea of this article is to serve as an introduction to API security. We’ll look from a high-level view at all the different problems that are stacking up around APIs right now and give you some highlights of recommendations. It will be no surprise...

When Shift-Left is more than a marketing campaign

Earlier this month I had the chance to join my new colleagues from 42Crunch at our all-hands in Ireland and I couldn’t be more excited that there’s something special that we’re building here. Setting aside that Cork and Kinsale are some of the prettiest places I’ve ever visited, I was able to see how passionate the 42Crunch team is about an approach that’s new to me as someone who’s been...

Your Company Has No Alternative: Protecting APIs the Right Way Is Now an Obligation

The big scare. A friend told me about an interesting episode: someone phoned him claiming to be from a level-eight channel at his bank, confirming details such as his address, his mother's and father's names, spouse, children and so on, saying that there were suspicious transactions, that his account had been compromised, and that he needed to urgently call the bank's call center and follow the steps to change his password, and the person from the...

Actively Monitor and Defend Your APIs with 42Crunch and the Azure Sentinel Platform

Webinar May 4th, 2022 | 8am PST | 4pm BST In this webinar 42Crunch and CyberProof demonstrate how to proactively integrate API access logs into the Microsoft Azure Sentinel platform and actively defend APIs with the 42Crunch API Micro-Firewall. APIs are increasingly the number one attack vector for adversaries due to their growing abundance and ease of attack via automated scripts and tools. Most...

Lessons learned from the Spring4Shell vulnerability

Recently we published an article on the log4shell vulnerability targeting log4j, in which we explained how APIs can be protected against injection attacks with a positive security model, and how 42Crunch easily enables such a model. Now, it’s time for the Spring4Shell (CVE-2022-22965) vulnerability, targeting the Spring framework, commonly used to build APIs. What can we learn from this vulnerability? Diving into Spring4Shell The Spring team has published an article...

OWASP API Security TOP 10 Challenges – Episode 3

THREE-PART WEBINAR SERIES May 4th, 2022 | 8am PST | 4pm BST In this 3-part webinar series Dr. Philippe De Ryck, Web Security Expert with Pragmatic Web Security and Colin Domoney of 42Crunch and APISecurity.io, take a deep dive into understanding and addressing the OWASP API Security Top 10 issues. Through detailed practical examples and use cases, they guide developers and security professionals through...

OWASP API Security Top 10: Understanding the Threats That Target APIs

Webinar May 4th, 2022 | 8am PST | 4pm BST This webinar, dedicated to API security, covers the threats listed in the OWASP API Security Top 10. You will see a detailed explanation of each threat, how it can be exploited, examples of successful attacks and how 42Crunch technology makes it possible to guard against them. In recent years, many companies such as Facebook, Google or...

How to Extend Protection of your Data from API to Mobile Application

Webinar May 4th, 2022 | 8am PST | 4pm BST This webinar presents the new integration of 42Crunch with comprehensive mobile app protection from Approov. A joint solution that delivers shift-left API protection as well as run-time shielding that extends all the way to your mobile apps and the environments they run in. APIs are a mobile app developer's best friend as they help reduce development time and save costs,...

Why Developer-First API Security is Prevailing in Enterprise

Why Developer-First API Security is Prevailing in Enterprise. The DevSecOps movement has led to a distinct “shift-left” in the enterprise where tasks are moved earlier in the development cycle so that developers can directly address production concerns as the code is being written. Companies are realizing greater business benefits from this shift-left approach, with accelerated application delivery times and the dismantling of a siloed approach to the software development lifecycle...

OWASP API Security TOP 10 Challenges – Episode 2

THREE-PART WEBINAR SERIES May 4th, 2022 | 8am PST | 4pm BST In this first episode in the webinar series, Dr Philippe de Ryck and Colin Domoney discuss API security today and the challenges presented by the OWASP API security top 10. Questions from attendees were addressed throughout the webinar. Episode 2: Address the OWASP API Authentication and Authorization Challenges In this second episode...

How Developers Can Become API Security Champions

Question: Everyone is talking about DevSecOps, why are we not able to fix the security issues? Despite the obvious challenges, Colin believes that the industry has made progress as compared to ten years ago when very insecure code was prevalent. Today's code is definitely more secure and security is improving — thankfully most developers are at least now aware of what an SQL injection attack is.  Philippe also thinks things...

Why Do APIs Merit a Separate OWASP Top 10 Listing?

Throughout the 3 part webinar series "API Security Landscape Today and the OWASP API Security Top 10 Challenges" we will publish blog posts that highlight some of the main talking points addressed by the speakers.  In this post, Philippe and Colin explore the differences between APIs and web apps that necessitated the creation of a dedicated OWASP API Security Top 10 and how developers can play an active role alongside their...

Protecting your APIs against Log4Shell with 42Crunch

On December 9th, 2021, the log4shell vulnerability hit the news and it has since been every security team's worst nightmare: trivially exploitable, huge impact with RCE (Remote Code Execution), on a component widely used across traditional enterprise technological stacks, both in in-house and third-party software. All this combined explains its CVSS rating of 10 – the highest possible. It is probably one of the worst flaws I have witnessed in...

OWASP API Security TOP 10 Challenges – Episode 1

THREE-PART WEBINAR SERIES May 4th, 2022 | 8am PST | 4pm BST In this 3-part webinar series Dr. Philippe De Ryck, Web Security Expert with Pragmatic Web Security and Colin Domoney of 42Crunch and APISecurity.io, take a deep dive into understanding and addressing the OWASP API Security Top 10 issues. Through detailed practical examples and use cases, they guide developers and security professionals through...

7 Ways to Avoid JWT Security Pitfalls

Dec 22nd 2021. Author: Dr. Philippe de Ryck, Pragmatic Web Security. Like them or hate them, JSON Web Tokens (JWT) are everywhere. OAuth 2.0 and OpenID Connect rely heavily on JWTs. Many applications use JWTs to implement custom security mechanisms. And every language or framework offers plenty of support for JWTs. Unfortunately, JWTs also lie at the heart of numerous API security failures. Handling JWTs securely is often challenging and...

Automate your API security with Security as Code

Webinar Traditionally developers like to focus on the data and functionality of their APIs while the security team is concerned with the enforcement of API security controls and policies. This siloed approach has led to inefficiencies and bottlenecks in the DevSecOps cycle that are delaying the release of APIs and creating cost overruns. In this webinar we look at how organizations can overcome this challenge by adopting a "security...

Effective Protection of Your APIs and Microservices

Webinar May 4th, 2022 | 8am PST | 4pm BST Your APIs are at risk, period! Many organizations have the epiphany that having traditional components such as a WAF and the traditional capabilities of API gateways is enough to keep them protected, but it is not. In this webinar, we will present the 42Crunch platform, which can work together with your existing tools in your DevSecOps pipeline. What for...

Designing Secure APIs Using the 42Crunch Platform with Postman

Webinar May 4th, 2022 | 8am PST | 4pm BST Designing secure APIs using the 42Crunch platform with Postman This on-demand webinar details how to combine the best of 42Crunch and Postman to: Carry out API development, mocking and testing tasks Use 42Crunch capabilities to easily run the security audit from the Postman UI Automate the 42Crunch tools in CI/CD in time...

Why Continuous API Security is key to protecting your Digital Business

Webinar May 4th, 2022 | 8am PST | 4pm BST Join these experts as they discuss the benefits of an integrated, continuous, and proactive approach to API security that combines proactive application security measures with continuous activity monitoring, API-specific threat analysis, and runtime policy enforcement. Alexei Balaganski explains how the security and compliance risks that APIs are exposed to are shaping the future of API security solutions and provides an...

Why Continuous API Security is key to protecting your Digital Business – Show Webinar

Webinar May 4th, 2022 | 8am PST | 4pm BST Join these experts as they discuss the benefits of an integrated, continuous, and proactive approach to API security that combines proactive application security measures with continuous activity monitoring, API-specific threat analysis, and runtime policy enforcement. Alexei Balaganski explains how the security and compliance risks that APIs are exposed to are shaping the future of API security solutions and provides an...

42Crunch and Cisco Collaborate to Drive API Security Forward and to Increase Cloud Protection

October 11, San Francisco, CA – Today at KubeCon, 42Crunch, the Developer-First API security platform company, announced their collaboration with Cisco to provide the developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection. APIs are increasingly a favorite target for hackers seeking to compromise cloud environments with malware such as cryptojacking and ransomware. 42Crunch and Cisco are addressing these threats by...

42Crunch Accelerates API Security with Two Key Executive Appointments

42Crunch Accelerates API Security with Two Key Executive Appointments Industry Veterans Stephen Gomann and Hugh Carroll Tapped to Support API Leader’s Rapid Growth San Francisco, CA – October 5, 2021 – 42Crunch, the Developer-First API Security platform vendor, today announced two key senior additions to its growing global team. Stephen Gomann has been appointed as Chief Revenue Officer (CRO) to lead the company's sales organization, overseeing global sales and business...

Application Security Tools Are Not up to the Job of API Security

The last two decades have seen a proliferation of software (according to GitHub there has been a 35% increase in code repositories in 2020 alone) into every aspect of our lives in the form of web or mobile applications. Adversaries have increasingly attacked these applications, and defenders have adopted various testing tools and technologies to protect them. Today most enterprises have in place an Application Security (AppSec) program to manage...

42Crunch Named as a Leader in KuppingerCole Leadership Compass Report for API Management and Security Solutions

Ranked as a Leader in Overall Leadership, Product Leadership, and Innovation Leadership Categories. San Francisco, CA – August 31, 2021 – 42Crunch, the Developer-First API Security platform vendor, announced it has been named as a leader in KuppingerCole’s Leadership Compass report for API Management and Security, including overall leadership, product leadership and innovation leadership. The report also awarded 42Crunch’s solution “Strong Positive” and “Positive” ratings across the areas of...

42Crunch and Postman See Growth of Shift-Left Adoption for API Security by Enterprise

42Crunch poll reveals that a third of developers are now implementing security testing at the start of the API design lifecycle. 33% of developers are implementing security after the coding stage. 34% of developers implement security either before or after production deployment. San Francisco, CA - June 24, 2021 - 42Crunch, the API Security platform vendor, has announced an integration of its API security services with Postman, the API collaboration platform...

How to test API security throughout the API lifecycle with Postman and 42Crunch

Postman, the API collaboration platform for developers, advocates an API-First approach for companies. Using 42Crunch, API developers and application security teams can now implement API security design and testing as part of their API-First approach in Postman. Kin Lane, chief Evangelist with Postman, recently joined Isabelle Mauny, Field CTO at 42Crunch, for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs. Watch...

42Crunch API Security Platform June 2021 Release

Our June 2021 update just went live, and I am here to tell you the details. Executive Dashboards The most noticeable change in the user interface is the new organization-level executive dashboard. It allows organization administrators to get a quick glance at the corporate use of 42Crunch API Security and the trends across Security Audit, Conformance Scan, and Protection: You may choose the time period for the trends and use...

Integrating 42Crunch API Contract Security Testing within Postman

Webinar May 4th, 2022 | 8am PST | 4pm BST Kin Lane, chief Evangelist with Postman, recently joined Isabelle Mauny, Field CTO at 42Crunch, for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs. 42Crunch complements Postman by providing additional capabilities to audit OpenAPI definitions and discover potential flaws in the security design of the APIs and data flows. Listen to this on-demand...

42Crunch raises $17m in Series A to solve global API security threat

London, UK – 42Crunch, the API security leader, today announces that it has secured $17 million in a Series A investment led by Energy Impact Partners, a leading global investment firm, joined by Adara Ventures. 42Crunch is the creator of the world’s first Application Programming Interface (API) micro-firewall and a pioneer in protecting APIs against attacks listed in the OWASP Top 10 for API Security. As stated in the Gartner...

42Crunch API Security Platform May 2021 Release

Our May 2021 update just went live, and I am here to tell you the details. Updated CI/CD plugins and repository data in the platform 42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines. These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or fail depending on the audit results. We have released new major versions of these plugins:...

Creating High Quality OAS Definitions with .Net Core

This document highlights how code annotations can be used to enhance the quality and the security posture for customers using .Net Core. 42Crunch security recommendations help enterprises discover and remediate vulnerabilities much more quickly (up to 25X more quickly) while saving 90% of manual costs (whether through internal efforts or external pen-testing). Using the Available Native Support from .Net In order to produce OAS files when developing with .NET core...

Creating High Quality OAS Definitions with Springfox – Part 2: Data Validation

In the first part of this blog, we covered the security aspects of Spring Boot Microservices and how to inject them at the code level to generate higher quality OAS (Swagger) files. In this second part, we will cover aspects regarding attributes, operations, and data. Data Validation for Secure APIs: You must be aware that according to the way you have declared the parameters, response headers, definitions, and schemas...

42Crunch API Security Platform April 2021 Release

We have just updated our API Security platform, and I want to tell you all about it. 100+ New Security Audit Checks: Security Audit checks related to authentication just had a major revamp. Now instead of generic articles on insecure authentication methods, we provide specific information for each case, including: API Key passed as a query parameter; API Key passed in a header; API Key in a cookie; Basic authentication...

Dissecting the Biggest API Breaches from Q1 2021

Webinar May 4th, 2022 | 8am PST | 4pm BST API Security can be hard and confusing, but learning from someone else's mistakes is the best way to learn! In this webinar, we will look at some of the prominent API vulnerabilities of the first 3 months of 2021. In this session we'll discuss: the story behind the attack or vulnerability; potential or actual business impact; what went wrong; OWASP...

Strengthening Your API Security Posture – Ford Motor Company

LOSING MY RELIGION: Successful and unsuccessful approaches to API Security in a global enterprise - A take on Ford Motor Company's approach to API security and the journey to enforce security compliance while ensuring productivity of thousands of developers managing thousands of APIs. The Cybersecurity Snowball Effect With development Communities and product teams, there are many things that have come together – everything from new developers, the introduction of open...

42Crunch API Security Platform March 2021 Release

Today we are happy to announce the global availability of the latest version of the 42Crunch API Security Platform. We have updated our community deployment used by thousands of API developers worldwide, our IDE plugins, online tools, and deployments used by our enterprise customers. Below is a summary of the biggest new features and improvements. Complex OpenAPI Security Audit 42Crunch Security Audit is the foundation of API security. It is...

API Security for Global Enterprises – Successful and unsuccessful approaches to API Security

Webinar May 4th, 2022 | 8am PST | 4pm BST Join 42Crunch and special guest speaker Darren Shelcusky, Manager of Vehicle & Connectivity Cybersecurity at Ford Motor Company, as he takes us through their approach to API security and journey to enforce security compliance while ensuring productivity of their hundreds of developers managing thousands of APIs. We're here to help you understand how to prevent an API dumpster fire! Empathize...

Creating High Quality OAS Definitions with Springfox – Part 1: Security Definitions

Spring Boot is a popular framework to build applications and APIs. Leveraging the Springfox project and code annotations, developers can generate OAS files with a high 42Crunch Security Audit score. What is the 42Crunch Security Audit? The 42Crunch Security Audit is one of 3 services from the 42Crunch API Security Platform: it consumes OpenAPI (Swagger) files and analyzes them along two axes: security and data. At the security level, the...

API Security in a Kubernetes World

Webinar May 4th, 2022 | 8am PST | 4pm BST Securing APIs deployed in Kubernetes implies securing the infrastructure, but also the APIs themselves. Having a perfectly set up cluster, with all possible protections in place, is only ONE aspect of the measures you need to take to prevent the vulnerabilities listed in the OWASP API Security Top 10. Other issues such as data leakage, mass assignment or broken authentication must...

42Crunch Announces Record Growth and API Security Leadership in 2020

IRVINE, CA, FEBRUARY 10, 2021 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced record 900% growth in 2020 led by key enterprise accounts, innovative product advancements, and the growing community of APIsecurity.io — the number one API security news source. Enterprise digitalization, as well as the transition to cloud-native architectures, microservices, and serverless functions, has led to the proliferation of APIs. Constantly changing and network-accessible, they...

42Crunch Publishes New OpenAPI Security Audit Plugins for Eclipse, IntelliJ, PyCharm

IRVINE, CA, DECEMBER 15, 2020 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the release of new IDE OpenAPI (Swagger) editing plugins for both Eclipse and JetBrains family of IDEs including IntelliJ and PyCharm. 42Crunch’s free OpenAPI security audit plugins simplify REST API development by delivering features such as OpenAPI navigation, code snippets, intellisense, and HTML preview. More importantly, the plugins help developers...

Questions Answered: How to Best Leverage JWTs for API Security

You had questions, and we've got answers! Thank you for all the questions submitted on our webinar: "How to Best Leverage JWTs for API Security". We were unable to get to your questions, so below are all the answers to the questions that were asked! If you'd like more information please feel free to contact us. On slide 26 is the HS256 or RSA key used by the attacker...

How to Best Leverage JWTs for API Security

Webinar May 4th, 2022 | 8am PST | 4pm BST JSON Web tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT standards are quite complex and it's very easy to get the implementation wrong. As a result, data breaches and API vulnerabilities due to poor JWT implementation, token leakage, and lack of proper validation remain widespread. This webinar focuses on...

OWASP API Security Top 10 Webinar Series (Part 2)

 Webinar May 4th, 2022 | 8am PST | 4pm BST By now, you should know that APIs are special and deserve their own OWASP Top 10 list, but do you know how these common attacks happen and why? In this practical webinar, we review the OWASP API Security Top 10 issues one-by-one and show you how to protect yourself from them across the entire API lifecycle. For each entry, we...

Why knowing is better than guessing for API Threat Protection

Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom makes them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs) have dominated the Application Security market. Such products became a must if you wanted to achieve...

OWASP API Security Top 10 Webinar Series (Part 1)

 Webinar May 4th, 2022 | 8am PST | 4pm BST By now, you should know that APIs are special and deserve their own OWASP Top 10 list, but do you know how these common attacks happen and why? In this pragmatic webinar, we review the OWASP API Security Top 10 issues one-by-one and show you how to protect yourself from them across the entire API lifecycle. For each entry, we...

VS Code OpenAPI (Swagger) Editor Surpasses 100k Installs!

Our OpenAPI (Swagger) Editor for VS Code has reached over 100,000 installs! A year ago we released our VS Code OpenAPI (Swagger) Editor with the idea of making developers' lives EASIER when it came to editing security in their OpenAPI / Swagger files. This month we surpassed 100k installs and wanted to say THANK YOU!! How it works... Developers working on their APIs within 42Crunch’s...

42Crunch Releases OpenAPI Static Security Audit in GitHub Code Scanning

IRVINE, CA, OCTOBER 7, 2020 — Today, the API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of its REST API Static Security Testing with  GitHub code scanning. By adding 42Crunch to code scanning, developers can include REST API OpenAPI / Swagger definitions within static security tests. Most of today’s applications are driven by APIs. The transition to cloud-native architectures, microservices, serverless, single-page, IoT,...

OAuth, OWASP, Gateways and Meshes – Oh my!

Webinar: To consider and apply API security effectively, we need to understand where we are and where we need to go. We need to know the tools we have available and who our allies are. Finally, we need a clear path and priorities on what we can accomplish and how. In this webinar, we'll lay out a reference architecture to ensure we understand the...

Questions Answered: OpenAPI for API Security

You had questions, and we've got answers! Thank you for all the questions submitted on our webinar: "OpenAPI for API Security - Why guess when you know?!" Below is the replay and all the answers to the questions that were asked. If you'd like more information please feel free to contact us.   Webinar: OpenAPI for API Security: Why guess when you know?! Slide Deck: OpenAPI for API Security Slide Deck...

OpenAPI for API Security (Why Guess when you know?)

Webinar May 4th, 2022 | 8am PST | 4pm BST According to the State of the APIs report released by Smartbear in 2019, 80% of developers use OpenAPI to describe their APIs (you may still call it Swagger, but you really should call it OpenAPI now!) What if you could put this developer work to good use, leveraging it to protect your APIs from threats, and this as early as...

API Security Platform Overview

Tutorials Overview of the 42Crunch API Security Platform, how to get started and the general dashboard layout. Login and Dashboard To log into the platform, go to https://platform.42crunch.com/login A successful login takes you to your dashboard and the landing page of the platform. From here you can immediately start creating API collections, importing API definitions, or check your profile settings. Platform Functions A unique thing about 42Crunch Platform is that...

Questions Answered: Let’s shift API security left – sure, but how?

You had questions, and we've got answers! Thank you for all the questions submitted on our webinar: "Let's shift API security left - sure, but how?" Below is the replay and all the answers to the questions that were asked. If you'd like more information please feel free to contact us. Don't the cloud service providers offer API discovery/inventory services? API Discovery is provided by several vendors,...

Let’s shift API Security Left! Sure, but how?

Two-Part Webinar Series May 4th, 2022 | 8am PST | 4pm BST API security flaws are injected at many different levels of the API lifecycle: in requirements, development and deployment. It is proven that detecting and fixing vulnerabilities during production or post-release time is up to 30 times more difficult than earlier in the API lifecycle. Shifting left is promising to enhance API security. But shifting left means security starts...

42Crunch approach vs. Traditional WAF approach: using positive security by default

When talking to prospects or presenting our solution at conferences, we inevitably get asked the same question: what's the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don't. WAFs were built to protect web applications and there is no standard way to describe what a web application does and how to interact with it (its "interface",...

42Crunch Launches New REST API Static Security Testing Extension for Bitbucket Pipelines

IRVINE, CA, JUNE 16, 2020 — Today, the API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Atlassian’s code collaboration and CI/CD solution, Bitbucket Pipelines. This extension enables companies to easily enforce secure API design right from their CI/CD pipeline — making it easier than ever to enable a DevSecOps process for API security....

OpenAPI (Swagger) Security Audit on the 42Crunch Platform

Tutorials Now that you have had an overview of the platform, let's get started by importing an API for security audit. Importing APIs To import an OpenAPI (formerly Swagger) definition, click Import API (1) to upload your JSON file. These files contain all the basic information and documentation on how your API functions. As mentioned in the platform overview tutorial, (2) APIs are grouped into collections. If you have not yet created a...

BitBucket Pipelines API Security Audit Extension

Tutorials In this quick tutorial you'll learn how to add static security testing to your REST APIs in Bitbucket with the 42Crunch REST API Static Security Extension. Prerequisite: Make sure you have a 42Crunch API Security Platform account. You can register here: https://platform.42crunch.com/register Create API Token for the pipe You must add an API token that the pipe uses to authenticate to Security Audit. Log in to 42Crunch Platform, and...

OpenAPI (Swagger) Security Audit Report Explained

Tutorials In our previous tutorial, we have created an API collection, and imported and audited an OpenAPI (Swagger) definition file. Now we are going to drill into the report and walk you through how to get the most out of it. Viewing Checks API Contract Security Audit is a static analysis of your OpenAPI (Swagger) file using OpenAPI Specification. We run 300+ checks on your API definition, and you can...

Questions Answered: 42Crunch Security Audit for WSO2 API Manager 3.1

You had questions, and we've got answers! Thank you for all the questions submitted on our "42Crunch Security Audit for WSO2 API Manager 3.1" webinar. Below is the replay and all the answers to the questions that were asked. If you'd like more information please feel free to contact us. Is this audit feature available with the community version of WSO2? Yes it is....
