
How to test API security throughout the API lifecycle with Postman and 42Crunch

Postman, the API collaboration platform for developers, advocates an API-First approach for companies. Using 42Crunch, API developers and application security teams can now implement API security design and testing as part of their API-First approach in Postman.

Kin Lane, Chief Evangelist with Postman, recently joined Isabelle Mauny, Field CTO at 42Crunch, for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs.


API Explosion: API-Last or API-First?

Kin pointed out that APIs have come a long way since the mid-90s, when businesses such as eBay and Amazon first started to exploit the web using APIs. However, although APIs are now everywhere, there is a strong distinction to be drawn between companies characterized as API-Last and those that are API-First. Adopting an API-first strategy better prepares a business for the digital revolution impacting every industrial sector today.


API Contracts – OpenAPI and Postman Collections

Unfortunately, the standards of API development vary widely, and many APIs are poorly built and left exposed to security vulnerabilities. Central to a successful API strategy is adherence by development teams to API contracts, which define the documentation of the API that will ultimately be consumed by both internal and external customers. The OpenAPI specification and Postman Collections have evolved to help companies build API contracts that help move APIs forward throughout the API lifecycle.


Shift-Left & Shield Right with Security as Code

Isabelle Mauny expanded on the concept of the API lifecycle and recommended that enterprises adopt a shift-left approach to protecting their APIs by introducing "security as code" as early as possible in the API design and development phases. Isabelle demonstrated how easy it is for developers to take control of implementing security as they code using 42Crunch's API audit and scan services, which are pre-integrated into the developers' favourite IDEs and CI/CD environments and are now also integrated with Postman. Complementing this shift-left approach is the 42Crunch API firewall, which enforces API security policy at runtime.


Latest Resources

WEBINAR

When GenAI Meets Risky APIs

42Crunch demonstrate how GenAI can be used to exploit unsecured APIs to gain unauthorized access, inject malicious prompts and manipulate data. Also learn how to prevent your APIs from being undermined by adopting a proactive API security as code approach to defending your APIs.

Sept 26, 2024 | 9am PDT | 2pm EDT | 5pm BST

NEWS

VicOne Partners with 42Crunch to Deliver Uniquely Comprehensive Security Across SDV and Connected-Vehicle Ecosystem

By Newsdesk | May 29, 2024

Collaboration pairs leaders in API and automotive cybersecurity to enable broad protection as attacks on automotive APIs climb within and among vehicle, cloud and mobile.

DALLAS and TOKYO, May 29, 2024—VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch to enhance the security of application programming […]

DataSheet

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise's digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers' and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.
