42Crunch API Security Platform

Protect your APIs from code to production with the click of a button

Audit. Scan. Protect.

The 42Crunch platform provides a set of automated tools to easily secure your entire API infrastructure by building security into OpenAPI contracts, and enforcing those policies throughout the entire lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of your APIs.

Developers initiate the API security process at the time of design 

42Crunch executes 200+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible. Audit reports are also delivered right to the developer’s IDE, allowing them to easily take action without the need to use specific tools. Therefore, required security is declared instead of developed/maintained manually across multiple tools/environments.

  • Actionable report with zero false positives
  • Available from IDEs and CI/CD pipelines
  • Instant visibility into API security status
  • Governance of corporate security standards

  • 200+ Security Checks
  • 24/7 Support
  • 100% Protection

Security scan detects misconfigurations and vulnerabilities at testing time

Once the contract has reached a satisfactory audit score, 42Crunch will test the live API endpoints to uncover potential vulnerabilities and discrepancies of implementation against the contract. 

  • Ensures implementation is in line with the API contract
  • Early detection of data or exception leakage
  • Continuous tracking of potential vulnerabilities

Protection is automatically applied at deployment time

Finally, the API contract is used to protect APIs using our micro API firewall. The runtime is fully optimized to be deployed and run on any container orchestrator such as Docker, Kubernetes or Amazon ECS. It can protect North-South and East-West microservices traffic. With minimal latency and footprint, it can be deployed against hundreds of API endpoints with minimal impact. 

  • API Firewall is configured in one-click from API contract
  • Contract becomes the allowlist for security
  • No need to guess via AI which traffic is valid
  • No policies to write

API Security by Design

API Native

Addresses unique API security requirements across data validation, authentication, authorization, confidentiality and integrity.

Positive Security Model

The API contract is the core of the security configuration, allowing inbound and outbound traffic to be enforced automatically.

Integrated into CI/CD

Easily push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.

Micro API Firewall

Thanks to its low footprint & ultra-low latency, 42Crunch micro API Firewall can be deployed at scale on any Docker orchestrator.

Intuitive User Interface

The intuitive interface makes it easy to get started on day one, and provides real-time Security dashboards with actionable data.

Designed for DevSecOps

Enables a seamless DevSecOps experience from API development to deployment through automated processes across all teams.

Ready for DevSecOps

Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.

  • At any stage (design, development, testing, runtime), 42Crunch tells you exactly what each security issue is, with its specific location in the API contract, an explanation of the possible exploit scenario and suggested remediation.

  • Cloud-native architecture means that protection can get added to your existing microservice deployments with no extra infrastructure required.

  • No proprietary formats - the platform leverages the industry standard OpenAPI specification.

  • Hybrid deployment model (management and testing done from the cloud and protection firewall deployed next to your APIs in your current deployment infrastructure) makes getting started and maintaining the system a breeze.
  • 42Crunch gets embedded right into your current tooling: IDEs, code repositories & collaboration platforms, CI/CD - being there right when you need it.

  • Security Audit and Scanning become automated checks ensuring that insecure code never makes it to the master branch and production deployment.

  • Runtime protection policies get automatically redeployed with each API change making sure that you can stay agile without compromising security.
  • 42Crunch dashboards provide a common view of all the projects that the enterprise has, all APIs in them, and the state of security for each and every one of them.

  • All teams: API architects, developers, QA, security, operations – get a shared view of API security, its shared definition, and shared understanding of what needs to be done to improve it.

  • 42Crunch integrates with existing collaborative developer tooling such as GitHub, GitLab, or Azure pipelines.

For Developers

Audit your OpenAPI contract against 200+ security vulnerabilities. We'll rank them by severity level and tell you exactly how to fix them, making security a seamless part of your development lifecycle.

For Security

Enforce a zero-trust architecture by ensuring all your APIs meet a set security standard before production, scan the live API endpoints for potential vulnerabilities, and automate redeployment. 

For Operations

Ensure security of all your APIs from design to deployment, get detailed insight about attacks on APIs in production – and protect against threats – without impacting performance.

Deploy Anywhere!

You can use our API firewall to equally protect north-south and east-west traffic. Thanks to its low footprint, it can be deployed at scale on any container orchestrator such as Kubernetes, Amazon ECS or Red Hat OpenShift®.

Our runtime is fully compatible with existing API management solutions or API gateways and with microservices-based architectures. We support the sidecar proxy and gateway deployment models.

Resources

Want to learn more? Here are some resources to help you out!

Free Tools

Looking to make OpenAPI editing easier in VS Code? Or want to check how secure your API is? Check out our free tools.

API Sec Encyclopedia

Information on the risks, guidelines, and fixes relating to the OpenAPI Specification. Both OAS v2 and v3 are available!

Platform Tutorials

Ready to get started? We have some short video tutorials for audit, scan and protection to help get you up and running as fast as possible.

Ready to Get Started?

Developer-first solution for delivering API security as code.