42Crunch Blog

The Big Scare: A friend told me about an interesting episode: someone phoned him claiming to be a level-eight channel of his bank, confirming details such as his address, his mother's and father's names, spouse, children, etc., saying that there were suspicious transactions, that his account had been compromised, and that he needed to urgently call …

May 18, 2022

Recently we published an article on the Log4Shell vulnerability targeting Log4j, in which we explained how APIs can be protected against injection attacks with a positive security model, and how 42Crunch easily enables such a model. Now, it’s time for the Spring4Shell (CVE-2022-22965) vulnerability, targeting the Spring framework, commonly used to build APIs. What can …

Why Developer-First API Security is Prevailing in Enterprise. The DevSecOps movement has led to a distinct “shift-left” in the enterprise where tasks are moved earlier in the development cycle so that developers can directly address production concerns as the code is being written. Companies are realizing greater business benefits from this shift-left approach, with accelerated …

Question: Everyone is talking about DevSecOps, why are we not able to fix the security issues? Despite the obvious challenges, Colin believes that the industry has made progress as compared to ten years ago when very insecure code was prevalent. Today’s code is definitely more secure and security is improving — thankfully most developers are …

API World 2020 [Virtual]

API World 2020 Virtual Event | October 27-29 Join 4,500 global technical leaders, engineers, software architects, and executives at the world’s largest and longest-running API & microservices event – in its 9th year! This year, API World 2020 will be fully digital.   OPEN TA...

API Specifications Conference 2020 [Virtual]

ASC 2020 Virtual Event | Sept 9 - 10 OpenAPI Initiative’s API Specifications Conference (ASC) is a place for API practitioners to come together and discuss the evolution of API technology. ASC includes cutting edge technology keynotes and sessions that chart the future of APIs with in-...

Questions Answered: OpenAPI for API Security

You had questions, and we've got answers! Thank you for all the questions submitted on our webinar: "OpenAPI for API Security - Why guess when you know?!" Below is the replay and all the answers to the questions that were asked. If you'd like more information please feel free to cont...

Questions Answered: The Anatomy of Four API Breaches

You had questions, and we've got answers! Thank you for all the questions submitted on our "The Anatomy of Four API Breaches" webinar. Below is the replay and all the answers to the questions that were asked. If you'd like more information please feel free to contact us.   ...

WEBINAR: The Anatomy of 4 API Breaches

Securing APIs implies securing the infrastructure but also the APIs themselves. Unfortunately, having all possible infrastructure protections in place is only one aspect of the recent OWASP Top10 for API Security. Other issues such as data leakage, mass assignment or broken authenticat...