API Audit
Optimize API security at design time

API Audit provides instant security scoring for prioritization, along with remediation advice, at design time to help developers define and build the best OpenAPI contract possible. It performs 300+ security checks on your OpenAPI contract, ranging from the structure and semantics to the security and input/output data definitions.

Three-Tier Security Audit

API Audit reviews your OpenAPI definition file on three levels:

  • It assesses whether your API definition is a valid, well-formed OpenAPI file that adheres to the OpenAPI Specification (OAS).
  • It reviews the security definitions in your API: whether you have defined authentication and authorization methods, and whether the protocol is secure.
  • It assesses the data definition quality of your API: how strong the schemas defined for your API and its parameters are.

Help Developers Focus on the security gaps that matter

The starting point for an API’s security is the OpenAPI definition itself. API Audit helps you lock down the OpenAPI definition at design time, to reduce the attack surface and remove any potential security gaps. Let your developers focus on the problems that matter and avoid the noise.

Developers get instant scoring to make fixes inside their IDE and CI/CD pipelines

API Audit automatically analyzes your API definition with 300+ checks, giving instant security scoring for prioritization along with remediation advice. Developers can build the best OpenAPI contract possible from inside their favorite IDE and CI/CD pipeline.


Discover which APIs are vulnerable before they are deployed

Security Audit can automatically discover your API definitions by crawling code repositories and reporting all the OpenAPI/Swagger files. You instantly get a view of all your APIs and their security health.

Security Governance and Enterprise Compliance

Keep your APIs compliant with visibility at design time and runtime. Security teams can define minimum audit scores and the maximum criticality of the issues found by Security Audit, and can even drill down to the issue level (for example, block all APIs that use API keys as their authentication scheme or do not have proper patterns defined for request parameters). The OpenAPI contract can also be audited from the CI/CD pipeline to ensure it is of sufficient quality to pass security requirements. In addition, security teams can overlay security policies to enhance the OpenAPI contract, which can then be enforced by the API Protect micro firewall.


42Crunch's ability to secure both the CI/CD pipeline & the runtime environment makes it a compelling candidate for any API security project.

Rik Turner

Principal Analyst, OMDIA


Developer-first solution for delivering API security as code.