42Crunch Adds API Security Audit to its Visual Studio Code OpenAPI Extension

SAN JOSE, OCTOBER 9, 2019 — Today at API World, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of REST API Security Audit functionality in its popular OpenAPI extension for Microsoft Visual Studio Code — making it easier than ever to enable a DevSecOps process for API security.

Developers working on their APIs within 42Crunch’s VS Code extension simply have to click the Security Audit button at the top right of the window to run a remote service that will audit the API contract against 200+ various checks for API security best practices and possible vulnerabilities; including authentication, authorization, transport, data inputs and outputs.

The results are presented as an actionable Security Audit report. Each vulnerability is also underlined in the code and added to the IDE’s Problems panel. The tool provides an explanation, possible exploit scenario, and fix recommendations.

“With APIs increasingly becoming one of the primary attack vectors, companies want to shift-left and have developers ensure that their APIs are designed and implemented with security in mind from day 1,” says Dmitry Sotnikov, VP of Cloud Platform at 42Crunch. “Today 42Crunch has made it easier for software engineers to get API security audit and recommendations at their fingertips, right within their IDE.”

The extension supports both version 2 and version 3 of OpenAPI specification, both JSON and YAML formats. It’s available free to all VS Code users at and already has more than 16 thousand installations and 11 five-star reviews.

API World 2019
Join 42Crunch at API World – Booth 306 to learn more about ensuring API security across all REST APIs in your company.

For a deeper dive into DevSecOps for API Security and the OWASP API Top 10 – join our security experts for their presentations today:  

The Dev, Sec and Ops of API Security
Register for Isabelle Mauny’s workshop on Wednesday October 9th at 9am. In this presentation you will learn:

  • Security risks at each stage of the API lifecycle, and how to mitigate them.
  • How to implement an end-to-end automated API security model that development, security and operations teams will love.
  • How to think positive! Why a positive security model works.

OWASP API Security Top 10
Register for Dmitry Sotnikov’s open talk on Wednesday October 9th at 4pm. In this presentation we’ll discuss:

  • What makes API Security different from web application security
  • The top 10 common API security vulnerabilities
  • Examples and mitigation strategies for each of the risks

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more.  

If you want to see the whole platform in action, request a demo now!

Visit our online community

Latest Resources


Top Things You Need to Know About API Security

Two of the API security industry’s leading experts, Dr Philippe de Ryck and Isabelle Mauny, guide you through some real-world cases of API security attacks and also share some best practices for securing your APIs.


Addressing API Security Regulations in Financial Services

By Colin Domoney | April 10, 2024

Introduction APIs are disrupting almost every industry vertical, and nowhere is their impact more profound than in the financial services industry. Whether helping modernize legacy systems or creating entirely new business opportunities through innovations such as OpenBanking, APIs are the lifeblood of the financial services industry. At the […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.