The 42Crunch platform offers DevSecOps teams a unique set of integrated API security tools which allow discovery, remediation of OpenAPI vulnerabilities and runtime protection against API attacks.
The 42Crunch June 2019 release introduces an updated, easy to use UI along with key enhancements to API contract security audit reports, full user management for organization administrators, support for DevSecOps using our REST API, and built-in user interface to look up API firewall transactions. (See the release notes for additional details on full list of updates.)
New Feature Highlights
API Contract Security Audit
The 42Crunch Platform provides a comprehensive security audit of the OpenAPI specification definition with detailed security scoring to help developers define and strengthen their API contracts. In the new release, the API Contract Security Audit report includes the following improvements:
- Filter your top priority issues to immediately address the most critical security vulnerabilities in your API, and quickly improve your audit score.
- Direct navigation from issues list to issue details, including a detailed view for each issue, with inline view of the OpenAPI file and the remediation articles from the API Security Encyclopedia on APIsecurity.io.
Users and Credentials Management
In this version of the release, 42Crunch empowers Admins with more control over users and credential management. Administrators of the platform can now manage users in their organizations from their own profile settings:
- Add, delete or lock out users within your 42Crunch instance
- Manage users level of access
- Force password reset for users
Support for DevSecOps
The role of DevSecOps is to shift left and introduce security measures as early as possible in the API lifecycle. It helps delivery at speed, but without sacrificing security. Now customers can automate API Protection by calling the 42Crunch Platform REST API from their CI/CD pipeline. To invoke the platform API, you must use API tokens. With the new user interface, each platform user can:
- Create tokens and revoke tokens
- Manage the access rights (scopes) that each API token gets
For news on all things API – visit APIsecurity.io and sign up for the weekly newsletter.