42Crunch Adds API Security Audit to its Visual Studio Code OpenAPI Extension

SAN JOSE, OCTOBER 9, 2019 — Today at API World, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of REST API Security Audit functionality in its popular OpenAPI extension for Microsoft Visual Studio Code — making it easier than ever to enable a DevSecOps process for API security.

Developers working on their APIs within 42Crunch’s VS Code extension simply have to click the Security Audit button at the top right of the window to run a remote service that audits the API contract against 200+ checks for API security best practices and possible vulnerabilities, including authentication, authorization, transport, and data inputs and outputs.

The results are presented as an actionable Security Audit report. Each vulnerability is also underlined in the code and added to the IDE’s Problems panel. The tool provides an explanation, possible exploit scenario, and fix recommendations.

“With APIs increasingly becoming one of the primary attack vectors, companies want to shift-left and have developers ensure that their APIs are designed and implemented with security in mind from day 1,” says Dmitry Sotnikov, VP of Cloud Platform at 42Crunch. “Today 42Crunch has made it easier for software engineers to get API security audit and recommendations at their fingertips, right within their IDE.”

The extension supports both version 2 and version 3 of the OpenAPI specification, in both JSON and YAML formats. It’s available free to all VS Code users at and already has more than 16 thousand installations and 11 five-star reviews.

API World 2019
Join 42Crunch at API World – Booth 306 to learn more about ensuring API security across all REST APIs in your company.

For a deeper dive into DevSecOps for API Security and the OWASP API Top 10 – join our security experts for their presentations today:  

The Dev, Sec and Ops of API Security
Register for Isabelle Mauny’s workshop on Wednesday October 9th at 9am. In this presentation you will learn:

  • Security risks at each stage of the API lifecycle, and how to mitigate them.
  • How to implement an end-to-end automated API security model that development, security and operations teams will love.
  • How to think positive! Why a positive security model works.

OWASP API Security Top 10
Register for Dmitry Sotnikov’s open talk on Wednesday October 9th at 4pm. In this presentation we’ll discuss:

  • What makes API Security different from web application security
  • The top 10 common API security vulnerabilities
  • Examples and mitigation strategies for each of the risks

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more.  

If you want to see the whole platform in action, request a demo now!
