42Crunch API Security for Microsoft

Implement API security from design to production in the Microsoft stack right from your CI/CD and IDE

Continuous, Secure API Design for the Microsoft ecosystem

In today’s world of companies exposing hundreds (if not thousands) of APIs in the systems they build and maintain, how do you make sure that all the APIs that you develop and run follow modern security best practices? If you are a Microsoft shop, 42Crunch has the platform that supports the introduction of security from the first day of API development: we have developed tools you can use across key development and runtime platforms to easily enforce secure API design right from your IDE and CI/CD pipeline.

Visual Studio Code for API Development: 42Crunch OpenAPI (Swagger) Editor

Azure Pipelines for API Discovery and Testing: 42Crunch REST API Static Security Testing

Azure Kubernetes Service for API Delivery: 42Crunch API Firewall Container

Automate. Integrate. Collaborate.

42Crunch was built to seamlessly integrate security in the early stages of API development, so that you do not discover security issues right before getting into production! The 42Crunch tools work together to enable a DevSecOps process so you can stay agile without compromising quality or security.

VS Code – API Design and Development

Microsoft Visual Studio Code is an open-source developer environment (IDE) from Microsoft. It has quickly become the number one IDE for modern software development due to its comprehensive marketplace. With thousands of plugins for a variety of programming languages and technologies, it can satisfy any R&D need.

42Crunch's popular OpenAPI (Swagger) editor extension provides first-class API creation and editing capabilities within the IDE using templates, contract navigation, IntelliSense and code snippets.

The security audit is easily accessible right within your IDE. Click the purple 42C button at the top right and get more than 200 different security best practices checks run against the API definition covering authentication, authorization, transport, and data validation. You immediately receive a detailed, actionable report with information on each issue, possible exploit scenarios and recommended remediation.

Azure DevOps – Testing and DevSecOps

While VS Code is a great tool for personal developer productivity, Azure Pipelines can take your processes to the next level. This is Microsoft’s implementation of Continuous Integration / Continuous Deployment (CI/CD) technology. The pipeline takes your complete code repository, runs the tests you add to it, and, if they succeed, pushes the changes to your runtime environment.

This is where the 42Crunch REST API Static Security Testing extension comes in. Add it to the pipeline, specify the corporate security requirements (such as the overall security score threshold or a set of more granular requirements) and enforce those requirements automatically across the hundreds of APIs in development within your enterprise.

The extension automatically finds any REST API definitions in your code repositories, runs the security audit checks on them, and gives detailed reports as a result. This means that no new API or API change can get deployed to your systems without automated security scrutiny.

Automated audit brings security governance to API development, ensuring you discover potential issues as early as possible in the API lifecycle.

Azure Kubernetes Service – Runtime Protection

Azure Kubernetes Service (AKS) is one of the environments of choice for API deployment. Customers can leverage its orchestration capabilities to automatically deploy and scale applications. But deploying applications in such an environment brings up new challenges, such as securing East-West traffic (across microservices).

With your API contract already checked and locked down in previous steps, you can use it as an allowlist, making sure requests and responses that do not conform to the API contract are automatically rejected. To do this, simply deploy our low-latency, low-footprint API firewall as a sidecar companion to your APIs.

The firewall reads the API contract and provides effective real-time protection for the API that the microservice exposes.
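
The contract-as-allowlist idea described above, sketched as an added example (this is not 42Crunch code and does not show how the API Firewall is implemented): a request is accepted only if its path, method, path parameters and body fields are all declared in the contract. The contract fragment, the /users API and the function names are constructed for illustration and cover only a small subset of what an OpenAPI schema can express.

```python
import re

# Constructed OpenAPI-style fragment for a hypothetical /users API.
CONTRACT = {
    "/users/{id}": {"get": {"params": {"id": r"[0-9]{1,9}"}}},
    "/users": {"post": {"body": {
        "required": ["email"],
        "properties": {
            "email": {"type": str, "maxLength": 254, "pattern": r"[^@\s]+@[^@\s]+"},
            "name": {"type": str, "maxLength": 64, "pattern": r"[\w .'-]+"},
        },
    }}},
}

def match_path(path):
    """Return (operations, path_params) for the template matching path."""
    for template, ops in CONTRACT.items():
        # Turn "/users/{id}" into a regex with one named group per parameter.
        m = re.fullmatch(re.sub(r"\{(\w+)\}", r"(?P<\1>[^/]+)", template), path)
        if m:
            return ops, m.groupdict()
    return None, {}

def check_request(method, path, body=None):
    """Positive security model: allow only what the contract declares."""
    ops, params = match_path(path)
    if ops is None:
        return False, "unknown path"
    op = ops.get(method.lower())
    if op is None:
        return False, "method not in contract"
    for name, value in params.items():
        if not re.fullmatch(op.get("params", {}).get(name, r"[^/]+"), value):
            return False, f"path parameter '{name}' violates contract"
    schema = op.get("body")
    if schema is None:
        return (body is None), ("ok" if body is None else "unexpected body")
    if not isinstance(body, dict):
        return False, "body missing or not an object"
    missing = [f for f in schema["required"] if f not in body]
    if missing:
        return False, f"missing required field '{missing[0]}'"
    for field, value in body.items():  # undeclared fields are rejected
        rule = schema["properties"].get(field)
        if rule is None:
            return False, f"undeclared field '{field}'"
        if (not isinstance(value, rule["type"]) or len(value) > rule["maxLength"]
                or not re.fullmatch(rule["pattern"], value)):
            return False, f"field '{field}' violates contract"
    return True, "ok"
```

The stricter the contract (patterns, length limits, no undeclared properties), the less room a non-conforming request has to reach the service, which is why the design-time audit and the runtime allowlist reinforce each other.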

What people are saying...

Don't take it from us - listen to what customers and analysts are saying about the 42Crunch API Security Platform!

Resources

Want to learn more? Here are some resources to help you out!

Free Tools

Looking to make OpenAPI / Swagger editing easier in VS Code? Or want to check how secure your API is? Check out our free tools.

API Security Top 10

Are you protected from the OWASP API Security Top 10? 42Crunch can help with that! We also have a free cheat sheet you can download.

API Sec Encyclopedia

Information on the risks, guidelines, and fixes relating to the OpenAPI Specification. Both OAS v2 and v3 are available!

Ready to Get Started?

Developer-first solution for delivering API security as code.