About Us

Who Are We

42Crunch was founded by veterans of the security and API management industry who recognized that the traditional approach to protecting APIs was simply not scalable. APIs are the core building block of every enterprise’s digital strategy and are driving internet traffic growth1, yet they are also the number one attack surface for hackers2.

Traditional application security solutions such as web application firewalls (WAF) and static and dynamic testing tools (SAST/DAST) are not designed to secure APIs nor even are API gateways. The time is now right for a new approach to API security.

AboutUs Infographic Quotes P1-06
AboutUs Infographic Quotes P1-07

Our Mission

42Crunch was founded to make security practitioners' and developers' lives easier by enabling a collaborative DevSecOps approach to API security. Application Security, API architects, Developers, QA, and Operations – get a shared view of API security, its shared definition, and a shared understanding of what needs to be done to enable security at scale.

The 42Crunch API security platform enables security to enforce security policies at design and runtime and empowers developers to detect security issues early, with no impact to productivity.

Trusted by Security & Development Teams Globally

42C Customers_Allianz copy
42C Customers_Bridgestone copy
bt-group-logo small
UK Central Digital & Data Office
42C Customers_Ford copy
42C Customers_Insulet Corporation copy
Logo_Logius BW
42C Customers_Pollinate copy
42C Customers_Travelers copy
42C Customers_Verizon copy

Endorsed By Analysts


42Crunch... for API or software security that want a comprehensive tool to protect their APIs, as well
as to engage in a constructive relationship with the
development teams involved.

Dionisio Zumerle

VP Analyst


42Crunch’s ability to secure
both the CI/CD pipeline &
the runtime environment
makes it a compelling
candidate for any
API security project.

Rik Turner

Principal Analyst


Based on the resulting scores from each category in our API hacking lab, the overall score awarded to the 42Crunch API Security Platform is a 5/5 stars – the highest rating I’ve ever given a vendor thus far.

Alissa Knight

Cybersecurity Analyst


Developers Use Our Tools!

We go where the developers are and have made our OpenAPI Editor and API Security Audit tools available to developers in their favorite IDEs.

IDE logos
VS Code
AboutUs Infographic Quotes P3-16
AboutUs Infographic Quotes P3-15
AboutUs Infographic Quotes P3-14



APISecurity.io is the number 1 community website for all things related to API security.
Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities,
standards, best practices, regulations, and technology.

Certifications & Associations

AboutUs Certifications_OpenAPI

We believe in the power of community.
Our involvement in the OpenAPI initiative is helping to contribute to the collective standards around API.

AboutUs Certifications_OWASP

As an active participant in the OWASP Foundation we contribute to the workings of the global security community through its regional chapters and global conferences.

AboutUs Certifications_ISO

We take protecting data seriously.
Our services are built to meet the most rigorous industry security standards.

42Crunch Member of MISA

42Crunch is a member of the Microsoft Intelligent Security Association (MISA). 42Crunch has integrated with Microsoft Sentinel to provide enterprises with end-to-end API protection and visibility, critical
to the success of their API-driven digital initiatives.

Office Locations

San Francisco





1 Akamai: State of the Internet Security Report. 2019

2 Gartner: API Security: Protect your APIs from Attacks and Data Breaches. 2021



A Blueprint for Success

Understand the API Security maturity model and learn how to build out a successful API Security program for your enterprise.

Landscape iPad Mockup n4 InnerPage 2

Ready to Learn More?

Developer-first solution for delivering API security as code.