Colin Domoney

Colin Domoney is an API security research specialist and developer advocate with 42Crunch. He oversees the development of the 42Crunch community and curates the apisecurity.io industry newsletter.

Defending APIs with Jim Manico – Episode 1

By Colin Domoney / October 24, 2022

Episode 1: Request Forgery on the Web – CSRF & SSRF

November 10, 2022 | 9am PST | 5pm BST

Join Jim Manico, CEO of Manicode, and Colin Domoney from 42Crunch as they deliver a 2-part webinar series to help developers better defend APIs.

Hacking APIs for Fun & Profit

By Colin Domoney / October 6, 2022

Join Colin Domoney, Developer Advocate at 42Crunch, in discussion with Adrian and Bogdan Tiron, Managing Partners at FORTBRIDGE, as they discuss their careers as pen testers and, in particular, their recent experiences in testing and exploiting API-based products.

Review of the Major API Breaches from H1 2022 – Episode 2

By Colin Domoney / August 10, 2022

This is a two-part webinar series on the global API breaches from H1 2022 that made the news. The first session described the breaches at a high level (recording below) and the second describes how to defend against them.

Benefits of a Positive Security Model for APIs

By Colin Domoney / August 2, 2022

Positive Security is a model that enables access to known trusted resources rather than trying to determine what activity or entities have hostile intent. Applying a positive security model when protecting your APIs can offer direct benefits such as reduction in false negatives, lower reliance on constantly adding characteristics of hostile traffic, and others. It also has indirect benefits for the working groups on your DevSecOps team that allow them to focus and be more efficient in their individual roles.

Empathy for the API Developer

By Colin Domoney / July 25, 2022

Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help foster greater collaboration. “..Security teams have always […]

Empathy for the API Developer – Colin Domoney

By Colin Domoney / July 22, 2022

DevOps.com – Empathy for the API Developer – Colin Domoney

Review of the Major API Breaches from H1 2022 – Episode 1

By Colin Domoney / June 21, 2022

This is a two-part webinar series on the global API breaches from H1 2022 that made the news. The second part of this webinar series explores how to defend against common API security breaches covered in the first part of the series. Join Colin Domoney (42Crunch security researcher and curator of the APISecurity.io newsletter) to understand how to use defensive techniques to protect APIs. This practical and interactive webinar will illuminate how APIs can be protected against common attack types and real-world exploits.

Actively Monitor and Defend Your APIs with 42Crunch and the Azure Sentinel Platform

By Colin Domoney / May 4, 2022

In this webinar, 42Crunch and CyberProof demonstrate how to proactively integrate API access logs into the Microsoft Azure Sentinel platform and actively defend APIs with the 42Crunch API Micro-Firewall.

OWASP API Security TOP 10 Challenges – Episode 3

By Colin Domoney / March 24, 2022

In this 3-part webinar series, Dr. Philippe De Ryck, Web Security Expert with Pragmatic Web Security, and Colin Domoney of 42Crunch and APISecurity.io take a deep dive into understanding and addressing the OWASP API Security Top 10 issues. Through detailed practical examples and use cases, they guide developers and security professionals through how to fix and secure their APIs in the face of these identified threats.

How to Extend Protection of your Data from API to Mobile Application

By Colin Domoney / March 8, 2022

This webinar presents the new integration of 42Crunch with comprehensive mobile app protection from Approov. A joint solution that delivers shift-left API protection as well as run-time shielding that extends all the way to your mobile apps and the environments they run in.

OWASP API Security TOP 10 Challenges – Episode 2

By Colin Domoney / February 17, 2022

THREE-PART WEBINAR SERIES | May 4th, 2022 | 8am PST | 4pm BST. In this first episode in the webinar series, Dr Philippe de Ryck and Colin Domoney discuss API security today and the challenges presented by the OWASP API security top 10. Questions from attendees were addressed throughout the webinar. Episode 2: Address the OWASP […]

OWASP API Security TOP 10 Challenges – Episode 1

By Colin Domoney / January 25, 2022

In this first episode in the webinar series, Dr Philippe de Ryck and Colin Domoney discuss API security today and the challenges presented by the OWASP API security top 10. Questions from attendees were addressed throughout the webinar.

Automate your API security with Security as Code

By Colin Domoney / December 9, 2021

Traditionally, developers like to focus on the data and functionality of their APIs while the security team is concerned with the enforcement of API security controls and policies. This siloed approach has led to inefficiencies and bottlenecks in the DevSecOps cycle that are delaying the release of APIs and creating cost overruns.

Application Security Tools Are Not up to the Job of API Security

By Colin Domoney / October 5, 2021

The last two decades have seen a proliferation of software (according to GitHub there has been a 35% increase in code repositories in 2020 alone) into every aspect of our lives in the form of web or mobile applications. Adversaries have increasingly attacked these applications, and defenders have adopted various testing tools and technologies to […]
