Isabelle Mauny

Isabelle is co-founder and field CTO of 42Crunch where she advises Global 2500 firms on their API security strategies.

An Introduction to API Security

By Isabelle Mauny / May 27, 2022

Isabelle Mauny from 42Crunch takes a high-level look at the different problems facing APIs today and gives some recommendations in her article on APIscene.io. The idea of this article is to serve as an introduction to API security. We’ll look from a high-level view at all the different problems that are stacking up around […]

API Security for Global Enterprises – Successful and unsuccessful approaches to API Security

By Isabelle Mauny / May 4, 2022

Join 42Crunch and special guest speaker Darren Shelcusky, Manager of Vehicle & Connectivity Cybersecurity at Ford Motor Company, as he takes us through their approach to API security and journey to enforce security compliance while ensuring productivity of their hundreds of developers managing thousands of APIs.

Designing Secure APIs Using the 42Crunch Platform with Postman

By Isabelle Mauny / November 2, 2021

Designing secure APIs using the 42Crunch platform with Postman

Why Continuous API Security is key to protecting your Digital Business

By Isabelle Mauny / October 22, 2021

Join these experts as they discuss the benefits of an integrated, continuous, and proactive approach to API security that combines proactive application security measures with continuous activity monitoring, API-specific threat analysis, and runtime policy enforcement.

Why Continuous API Security is key to protecting your Digital Business – Show Webinar

By Isabelle Mauny / October 22, 2021

Join these experts as they discuss the benefits of an integrated, continuous, and proactive approach to API security that combines proactive application security measures with continuous activity monitoring, API-specific threat analysis, and runtime policy enforcement.

42Crunch API Security Platform June 2021 Release

By Isabelle Mauny / June 17, 2021

Our June 2021 update just went live, and I am here to tell you the details. Executive Dashboards: The most noticeable change in the user interface is the new organization-level executive dashboard. It allows organization administrators to get a quick glance at the corporate use of 42Crunch API Security and the trends across Security Audit, […]

Integrating 42Crunch API Contract Security Testing within Postman

By Isabelle Mauny / June 17, 2021

Kin Lane, Chief Evangelist with Postman, recently joined Isabelle Mauny, Field CTO at 42Crunch, for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs.

42Crunch API Security Platform May 2021 Release

By Isabelle Mauny / May 18, 2021

Our May 2021 update just went live, and I am here to tell you the details. Updated CI/CD plugins and repository data in the platform: 42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines. These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or […]

42Crunch API Security Platform April 2021 Release

By Isabelle Mauny / April 16, 2021

We have just updated our API Security platform, and I want to tell you all about it. 100+ New Security Audit Checks: Security Audit checks related to authentication just had a major revamp. Now instead of generic articles on insecure authentication methods, we provide specific information for each case, including: API Key passed as a […]

Strengthening Your API Security Posture – Ford Motor Company

By Isabelle Mauny / March 31, 2021

LOSING MY RELIGION: Successful and unsuccessful approaches to API Security in a global enterprise – A take on Ford Motor Company’s approach to API security and the journey to enforce security compliance while ensuring productivity of thousands of developers managing thousands of APIs. The Cybersecurity Snowball Effect: With development communities and product teams, there are […]

42Crunch API Security Platform March 2021 Release

By Isabelle Mauny / March 23, 2021

Today we are happy to announce the global availability of the latest version of the 42Crunch API Security Platform. We have updated our community deployment used by thousands of API developers worldwide, our IDE plugins, online tools, and deployments used by our enterprise customers. Below is a summary of the biggest new features and improvements. […]

Creating High Quality OAS Definitions with Springfox – Part 1: Security Definitions

By Isabelle Mauny / March 9, 2021

Spring Boot is a popular framework to build applications and APIs. Leveraging the Springfox project and code annotations, developers can generate OAS files with a high 42Crunch Security Audit score. What is the 42Crunch Security Audit? The 42Crunch Security Audit is one of 3 services from the 42Crunch API Security Platform: it consumes OpenAPI (Swagger) […]

API Security in a Kubernetes World

By Isabelle Mauny / February 18, 2021

Securing APIs deployed in Kubernetes implies securing the infrastructure, but also the APIs themselves. Having a perfectly set up cluster, with all possible protections in place, is only ONE aspect of the measures you need to take to prevent the vulnerabilities listed in the OWASP API Security Top 10. Other issues such as data leakage, mass assignment or broken authentication must be handled at the application level.

How to Best Leverage JWTs for API Security

By Isabelle Mauny / December 10, 2020

JSON Web Tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT standards are quite complex and it’s very easy to get the implementation wrong. As a result, data breaches and API vulnerabilities due to poor JWT implementation, token leakage, and lack of proper validation remain widespread.

OWASP API Security Top 10 Webinar Series (Part 2)

By Isabelle Mauny / November 4, 2020

By now, you should know that APIs are special and deserve their own OWASP Top 10 list, but do you know how these common attacks happen and why?

Why knowing is better than guessing for API Threat Protection

By Isabelle Mauny / October 25, 2020

Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom makes them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs) have […]

OWASP API Security Top 10 Webinar Series (Part 1)

By Isabelle Mauny / October 21, 2020

By now, you should know that APIs are special and deserve their own OWASP Top 10 list, but do you know how these common attacks happen and why?

OAuth, OWASP, Gateways and Meshes – Oh my!

By Isabelle Mauny / September 24, 2020

To consider and apply API security effectively, we need to understand where we are and where we need to go. We need to know the tools we have available and who our allies are. Finally, we need a clear path and priorities on what we can accomplish and how. In this webinar, we’ll lay out a reference architecture to ensure we understand the scope, challenges, and approach to secure your APIs and organization as a whole.

OpenAPI for API Security (Why Guess when you know?)

By Isabelle Mauny / July 23, 2020

According to the State of the APIs report released by SmartBear in 2019, 80% of developers use OpenAPI to describe their APIs (you may still call it Swagger, but you really should call it OpenAPI now!)

Let’s shift API Security Left! Sure, but how?

By Isabelle Mauny / June 25, 2020

API security flaws are injected at many different levels of the API lifecycle: in requirements, development and deployment. It is proven that detecting and fixing vulnerabilities during production or post-release time is up to 30 times more difficult than earlier in the API lifecycle.

42Crunch approach vs. Traditional WAF approach: using positive security by default

By Isabelle Mauny / June 20, 2020

When talking to prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way […]

42Crunch Security Audit for WSO2 API Manager 3.1

By Isabelle Mauny / May 28, 2020

WSO2 API Manager 3.1 brings a lot of interesting features including the ability to run 42Crunch’s audit tool directly from the API Publishing portal.

Top API Security Issues Found During POCs

By Isabelle Mauny / May 26, 2020

Over the past 6 months, we have discovered many similarities across APIs from companies from very different industries. “This is an eye opener” is the most recurring comment from our prospects. We thought it would be worth sharing our findings in this webinar.

The Anatomy of API Breaches

By Isabelle Mauny / April 30, 2020

Securing APIs implies securing the infrastructure but also the APIs themselves. Unfortunately, having all possible infrastructure protections in place is only one aspect of the recent OWASP Top10 for API Security. Other issues such as data leakage, mass assignment or broken authentication/authorization must be handled at the application level.

REST API Security for Microsoft Azure Pipelines

By Isabelle Mauny / March 25, 2020

Security is an important topic in software development. Unfortunately, security is usually considered too late in software development, and especially in the API lifecycle. Waiting until software and APIs are in production before addressing security concerns can be a severe risk to your organization. Did you know that vulnerabilities found in production cost up to 30x more time and money to fix?

Protecting Microservices APIs with 42Crunch API Firewall

By Isabelle Mauny / February 2, 2020

In loosely coupled architectures, we must put in place application-level security, whether for client traffic (North-South) or intra-microservices traffic (East-West).

42Crunch API Firewall and API Management: why you need both!

By Isabelle Mauny / January 29, 2020

Every day, new breaches show us that we still have a long way to go with API security. In order to protect APIs, enterprises need to take a holistic approach, which includes the following: Securing the infrastructure: OS configuration, network configuration as well as containers. Properly configuring application servers: enforce TLS 1.2/1.3, remove weak cipher […]

Positive API Security Model, and Why You Need It!

By Isabelle Mauny / December 10, 2019

Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation.

Deploying DevSecOps for APIs: a tale of shifting left…

By Isabelle Mauny / October 29, 2019

DevSecOps is a hot topic at the moment, and particularly relevant when dealing with API development. APIs are growing at an exponential rate: not only are they the backbone of any application, but microservices architectures imply exposing internal APIs for every microservice or group of microservices. The average number of APIs to protect within an […]

Addressing Harbor Registry Vulnerability with 42Crunch

By Isabelle Mauny / September 24, 2019

Hot from the press! There is a mass assignment vulnerability in the Harbor registry. Mass assignment is entry A6 on the OWASP API Security Top 10 list. A6 is described in the OWASP API Security Top 10 as: An API endpoint is vulnerable if it automatically converts client parameters into internal object properties without considering […]

API Security is not Web Application Security!

By Isabelle Mauny / September 17, 2019

When we started 42Crunch 3 years ago, we were convinced that a new market segment would emerge: API security. And the market is now catching up with our vision! This is exemplified by the recent release of the OWASP Top 10 for API Security threats document, which highlights threats that do not apply to traditional […]

We Need the Controller Layer Back!

By Isabelle Mauny / September 16, 2019

A couple of days ago, I gave an API security workshop to highlight the OWASP Top 10 issues for APIs and some of the mistakes we keep making at development time and pay for at runtime. Many of the issues related to data, such as improper data filtering, mass assignment or excessive data exposure, could be […]

Leading API Security Platform, 42Crunch, Launches Partner Network

By Isabelle Mauny / May 16, 2019

MUNICH, GERMANY. MAY 14, 2019 — Today at the European Identity & Cloud Conference (EIC) 2019, API security leader and creator of the industry’s first API Firewall – 42Crunch – announced the launch of its reseller and implementation partner program, as well as the first two commercial partnerships with Skalena (Brazil) and atSistemas (Spain). The […]

API Security: separating truth from fiction

By Isabelle Mauny / April 16, 2019

Where is the truth and what’s the fiction? In this webinar, Alexei Balaganski, Lead Analyst at Kuppinger Cole, and I contrasted our experience with customers and prospects and came up with a list of facts and fictions about API security. We both have seen a surge of interest in API security after a challenging […]

Token Management Security Best Practices

By Isabelle Mauny / November 19, 2018

We recently participated in the DZone mobile apps development guide to highlight some of the key best practices when dealing with API keys and tokens. Below is an excerpt; the full article is available on DZone! Modern applications, both web-based and native, rely on APIs on the backend to access protected resources. To authorise access […]

API Security FAQ : the top 5 questions we answered at the APIWorld conference!

By Isabelle Mauny / October 10, 2017

The APIWorld conference came to an end last week. This was the first public preview of our platform! We had a blast talking to many attendees and presenting at the event. This also gave us the opportunity to address a few common questions relative to API security and our product. 1. I have seen 3 vendors […]

Start acting on API Security today!

By Isabelle Mauny / July 25, 2017

APIs are the access doors to your enterprise assets and the backbone of pretty much any application that has been written in recent years. While most companies apply token-based access to APIs with OpenIDConnect and OAuth, there are still many aspects of security which are not properly covered for APIs such as common injection attacks, […]

Why do we need the A10 entry in the OWASP Top 10?

By Isabelle Mauny / July 18, 2017

Without any doubt, APIs have redefined the enterprise architecture landscape by becoming the building blocks of internal and external enterprise applications. APIs are now the entry point into most architectures, much like servlets and JSPs were in the application server era. APIs give access to a wide range of applications, systems, databases and now things with […]
