End-to-End API Security Throughout the API Lifecycle
42Crunch and Microsoft deliver a seamless DevSecOps environment for API security from design, through to production and runtime.
API Security First
for Efficiency & Innovation
An effective API security strategy starts early in the software development lifecycle. 42Crunch and Microsoft are collaborating to enable a DevSecOps approach that helps developers build more secure and resilient APIs without compromising on productivity or innovation. The 42Crunch Developer-First API Security platform is purpose-built to enable a combined shift-left and shield-right approach to securing APIs. The out-of-the-box Integrations with many of Microsoft’s key enterprise platforms enable a seamless DevSecOps experience for API security throughout the API lifecycle.


While Azure Pipelines already had security testing extensions... there had been a glaring gap of the one specifically designed for REST APIs. We are happy to see 42Crunch bridge that gap with their solution.
Steven Murawski
Cloud Advocate, Microsoft
Integrations

API INVENTORY

With 42Crunch we meet developers where they are by integrating with leading IDEs like VSCode and GitHub Codespaces which allows them to get instant feedback on security issues without having to change environments. Through a GitHub action, during a pull request, 42Crunch automatically scans enterprise GitHub repositories for all OpenAPI files and imports them to the API security platform.
API PROTECTION

42Crunch API firewall runs in front of your API and uses a positive security model to ensure that API requests and responses conform to the audited OpenAPI contract. The firewall runs as a VM or in Azure Container or Azure Kubernetes Services as a sidecar container alongside your API or Azure API Management gateway.
API DESIGN

42Crunch API Audit (downloaded by over half a million developers) runs as a plug-in in VSCode and GitHub Codespaces to automate testing as part of the CI/CD pipeline. Vulnerabilities found during the audit are presented to the developers directly in the IDE as well as the GitHub repository along with detailed remediation steps.
API MONITORING

The 42Crunch API firewall sends logs to Azure Sentinel for analysis of real-time attack data. Sentinel provides actionable insights and visualizations that highlight anomalous activity and attack patterns including account takeovers and malicious bots.
API TESTING

42Crunch API Scan runs as an automated task within the CI/CD pipeline through GitHub or Azure DevOps. Alternatively, scans can be run incrementally by developers directly from VSCode or Codespaces to ensure that issues are caught earlier in the development process and don’t result in a failed test.

Ready to Learn More?
Developer-first solution for delivering API security as code.