42Crunch Blog

42Crunch Knowledge Series

Featured

LOSING MY RELIGION: Successful and unsuccessful approaches to API Security in a global enterprise – A take on Ford Motor Company’s approach to API security and the journey to enforce security compliance while ensuring productivity of thousands of developers managing thousands of APIs. The Cybersecurity Snowball Effect With development Communities and product teams, there …

March 31, 2021

Spring Boot is a popular framework to build applications and APIs. Leveraging the Springfox project and code annotations, developers can generate OAS files with a high 42Crunch Security Audit score. What is the 42Crunch Security Audit? The 42Crunch Security Audit is one of 3 services from the 42Crunch API Security Platform: it consumes OpenAPI (Swagger) …

Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom makes them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs) have …

Our OpenAPI (Swagger) Editor for VS Code has reached over 100,000 installs! A year ago we released our VS Code OpenAPI (Swagger) Editor with the idea of making developers' lives EASIER when it came to editing security in their OpenAPI / Swagger files. This month we surpassed 100k installs and wanted to say THANK YOU!! …

OWASP API Security Top 10 Cheat Sheet

Download our OWASP API Security Cheat Sheets to print out and hang on your wall! US Letter 8.5 x 11 in | A4 210 x 297 mm If you missed our latest presentation, check out the slides here: ...

API Security is not Web Application Security!

When we started 42Crunch 3 years ago, we were convinced that a new market segment would emerge: API security. And the market is now catching up with our vision! This is exemplified by the recent release of the OWASP Top 10 for API Security threats document, which highlights threats t...

We Need the Controller Layer Back!

A couple of days ago, I gave an API security workshop to highlight the OWASP Top 10 issues for APIs and some of the mistakes we keep making at development time and pay for at runtime. Many of the issues related to data, such as improper data filtering, mass assignment or excessive data exp...

API Security: separating truth from fiction

Where is the truth and what's the fiction? In this webinar, Alexei Balaganski, Lead Analyst at Kuppinger Cole, and I contrasted our experience with customers and prospects and came up with a list of facts and fictions about API security. We both have seen a surge of interest in API ...