NEWS

42Crunch Releases OpenAPI Static Security Audit in GitHub Code Scanning

IRVINE, CA, OCTOBER 7, 2020Today, the API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of its REST API Static Security Testing with  GitHub code scanning. By adding 42Crunch to code scanning, developers can include REST API OpenAPI / Swagger definitions within static security tests.

Most of today’s applications are driven by APIs. The transition to cloud-native architectures, microservices, serverless, single-page, IoT, and mobile applications lead to proliferation of APIs. What used to be components of monolithic applications communicating within a single server are now standalone APIs talking to each other over the network.

This significantly expanded the attack area and led to the rise of API attacks. In fact, there’s now not a single week without new high profile API vulnerabilities reported by the popular API security news site APIsecurity.io.

Gartner estimates that by 2022 APIs will become the most common attack vector.

Having direct access to applications’ backend services and databases with sensitive customer data, APIs are a lucrative target. API breaches can have significant business, public image, and financial impact.

At the same time, companies now have hundreds if not thousands of APIs. These APIs are constantly changing as teams adopt agile methodologies and continuously iterate over their functionality. Old approaches of manual review and approval processes and static runtime rules can no longer serve as the foundation for securing such complex dynamic systems.

The best way to provide cost-effective security for APIs is to “shift-left” and establish security measures across the whole API lifecycle: from design, to development, testing, and run-time protection and ideally doing so automatically without human interaction

Available as a GitHub Action, REST API Static Security Testing allows users to:

  • Discover REST APIs in their GitHub repositories
  • Audit each API with 200+ security checks from 42Crunch covering industry best practices across authentication, authorization, transport, and data validation
  • Analyze the discovered vulnerabilities by looking into the details provided for each vulnerability within GitHub code scanning alerts
  • Fix the vulnerabilities by going through the prioritized alert list and fixing the issues with remediation suggestions provided for each alert
  • Enforce security by setting criteria for your CI/CD workflows and automated Pull Request checks

“GitHub is the world’s leading software development collaboration platform,” says Dmitry Sotnikov, Chief Product Officer at 42Crunch. “We are happy to see Static Application Security Testing (SAST) to now become a standard feature of GitHub through code scanning and happy to provide our integration to handle the API security part of it.”

“GitHub code scanning is a major step on our journey to help open source and enterprise developers build secure software,” says John Leon, VP of Business Development at GitHub. “Adding 42Crunch’s security audit for REST APIs to GitHub code scanning tests will provide additional insight and security capabilities for developers.”

You can find out more by visiting the 42Crunch REST API Static Security Testing page in the GitHub Marketplace.

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, 42Crunch Platform empowers development, security, and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code, you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit https://42crunch.com to learn more. 

Visit our online community https://APIsecurity.io.

Latest Resources

WEBINAR

Webinar Series - Defending APIs with Jim Manico

Defending APIs with Jim Manico – Episode 1

Episode 1: Request Forgery on the Web – CSRF & SSRF

November 10, 2022 | 9am PST | 5pm BST

Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs.

BLOG

Empathy for the API Developer

By Colin Domoney | July 25, 2022

Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help […]

DataSheet

Datasheet Cover Images P1-02

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.