Positive Security for APIs: what it is and why you need it!

When visiting prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way to […]

Continue reading


LIVE WEBINAR: The OWASP API Security Top 10

Come hang out with 42Crunch! If you missed the live webinar – you can view the recording here! The OWASP API Security Top 10 In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The […]

Continue reading


Deploying DevSecOps for APIs: a tale of shifting left…

DevSecOps is a hot topic at the moment, and particularly relevant when dealing with API development. APIs are growing at an exponential rate: not only  are they the backbone of any application, but microservices architecture imply exposing internal APIs for every microservice or group of microservices. The average number of APIs to protect within an […]

Continue reading


Thank You for Joining Us at API World

We hope that you have had some time to catch up from API World last week! Thank you for stopping by our booth and sessions. Below are a few things that you may be interested in: 42Crunch Collateral: OWASP API Security Top 10 Cheat Sheet: http://bit.ly/2Bcjoms 42Crunch Overview: http://bit.ly/2MECCXe   Presentation Slides:   The Dev, Sec […]

Continue reading


42Crunch Adds API Security Audit to its Visual Studio Code OpenAPI Extension

SAN JOSE, OCTOBER 9, 2019 — Today at API World, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of REST API Security Audit functionality in its popular OpenAPI extension for Microsoft Visual Studio Code — making it easier than ever to enable a DevSecOps process for API security. […]

Continue reading


Addressing Harbor Registry Vulnerability with 42Crunch

Hot from the press! There is a mass assignment vulnerability in the Harbor registry. Mass assignment is entry A6 on the OWASP API Security Top 10 list. A6 is described in the OWASP API Security Top 10 as: An API endpoint is vulnerable if it automatically converts client parameters into internal object properties without considering […]

Continue reading


Join 42Crunch at the API Specifications Conference

Come hang out with 42Crunch at the API Specifications Conference this October in Vancouver!   OpenAPI Initiative’s API Specifications Conference (ASC) is a place for API practitioners to come together and discuss the evolution of API technology. ASC includes cutting edge technology keynotes and sessions that chart the future of APIs, in-depth specification and standards […]

Continue reading