Audit. Scan. Protect.
The 42Crunch platform provides a set of automated tools to easily secure your entire API infrastructure by describing security in the API contract, and enforcing those policies throughout the entire lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of your APIs.
Developers initiate the API security process at the time of design
42Crunch executes 300+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible. Audit reports are also delivered right to the developer’s IDE, allowing them to easily take action without the need to use specific tools. Therefore, required security is declared instead of developed/maintained manually across multiple tools/environments.
- Actionable report with zero false positives
- Available from IDEs and CI/CD pipelines
- Instant visibility into API security status
- Governance of corporate security standards
Security scan detects misconfigurations and vulnerabilities at testing time
Once the API contract has reached a satisfactory audit score, 42Crunch will test the live API endpoints to uncover potential vulnerabilities and discrepancies between the implementation and the contract.
- Ensures implementation is in line with API contract
- Early detection of data or exception leakage
- Continuous tracking of potential vulnerabilities
Protection is automatically applied at deployment time
Finally, the API contract is used to protect APIs using our micro API firewall. The runtime is fully optimized to be deployed and run on any container orchestrator such as Docker, Kubernetes or Amazon ECS. It can protect North-South and East-West microservices traffic. With minimal latency and footprint, it can be deployed against hundreds of API endpoints with minimal impact.
- API Firewall is configured in one click from the API contract
- Contract becomes the allowlist for security
- No need to guess via AI which traffic is valid
- No policies to write
API Security by Design
Addresses unique API security requirements across data validation, authentication, authorization, confidentiality and integrity.
Positive Security Model
The API contract is the core of the security configuration, allowing inbound and outbound traffic to be enforced automatically.
Integrated into CI/CD
Easily push your OpenAPI / Swagger definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.
Micro API Firewall
Thanks to its low footprint & ultra-low latency, 42Crunch micro API Firewall can be deployed at scale on any Docker orchestrator.
Intuitive User Interface
The intuitive interface makes it easy to get started on day one, and provides real-time Security dashboards with actionable data.
Designed for DevSecOps
Enables a seamless DevSecOps experience from API development to deployment through automated processes across all teams.
Learn more about each of the features in the 42Crunch API Security Platform
API Security Audit
42Crunch executes 300+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible.
API Conformance Scan
42Crunch Conformance Scan is dynamic runtime testing of your API to ensure that the implementation behind your API matches the contract set out in the OpenAPI / Swagger definition of the API.
API Firewall Protection
The 42Crunch Platform moves defense from the network perimeter to defense in depth, directly in front of your APIs. With API Protection, you can protect each API from malicious intent with a micro-API firewall.
Ready for DevSecOps
Push your OpenAPI / Swagger definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.
- At any stage: design, development, testing, runtime - 42Crunch tells you exactly what each security issue is, with specific location in the OpenAPI / Swagger file, an explanation of the possible exploit scenario and suggested remediation.
- Cloud-native architecture means that protection can get added to your existing microservice deployments with no extra infrastructure required.
- No proprietary formats - the platform leverages the industry standard OpenAPI Specification.
- Hybrid deployment model (management and testing done from the cloud and protection firewall deployed next to your APIs in your current deployment infrastructure) makes getting started and maintaining the system a breeze.
- 42Crunch gets embedded right into your current tooling: IDEs, code repositories & collaboration platforms, CI/CD - being there right when you need it.
- Security Audit and Scanning become automated checks ensuring that insecure code never makes it to the master branch and production deployment.
- Runtime protection policies get automatically redeployed with each API change making sure that you can stay agile without compromising security.
- 42Crunch dashboards provide a common view of all the projects that the enterprise has, all APIs in them, and the state of security for each and every one of them.
- All teams: API architects, developers, QA, security, operations – get a shared view of API security, its shared definition, and shared understanding of what needs to be done to improve it.
- 42Crunch integrates with existing collaborative developer tooling such as GitHub, GitLab, or Azure pipelines.
Audit your API contract against 300+ security vulnerabilities. We’ll rank them by severity level and tell you exactly how to fix them, making security a seamless part of your development lifecycle.
Enforce a zero-trust architecture by ensuring all your APIs meet a set security standard before production, scan the live API endpoints for potential vulnerabilities, and automate redeployment.
Ensure security of all your APIs from design to deployment, get detailed insight about attacks on APIs in production – and protect against threats – without impacting performance.
You can use our API firewall to equally protect north-south and east-west traffic. Thanks to its low footprint, it can be deployed at scale on any container orchestrator such as Kubernetes, Amazon ECS or Red Hat OpenShift®.
Our runtime is fully compatible with existing API management solutions or API gateways and with microservices-based architectures. We support the sidecar proxy and gateway deployment models.