API Security

42Crunch Strengthens Shift-Left for API Security with API Scan from Inside IDE

September 21, 2022

500,000 API Developers secure APIs as they develop from inside their favorite IDEs 19 September, 2022 – San Francisco, API Specifications Conference (ASC) – 42Crunch, the Developer First API Security platform company, announced today at ASC the availability of the platform’s API Scan service inside the leading IDEs for developers. With over 500,000 developers already […]

Empathy for the API Developer

July 25, 2022

Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help foster greater collaboration. “..Security teams have always […]

42Crunch Reaches 450,000 Developers as Shift-Left & Shield-Right Approach For API Security Prevails

June 7, 2022

JUNE 7, 2022 – National Harbor, Maryland. Today at the Gartner Security & Risk Management Summit, 42Crunch, the Developer-First API Security Platform vendor, announced that it has over 450,000 developers now using its API Security tools. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside the market leading Integrated Development […]

An Introduction to API Security

May 27, 2022

Isabelle Mauny from 42Crunch takes a high level look at the different problems facing APIs today and gives some recommendations in her article on APIscene.io The idea of this article is to serve as an introduction to API security. We’ll look from a high-level view at all the different problems that are stacking up around […]

When Shift-Left is more than a marketing campaign

May 24, 2022

Earlier this month I had the chance to join my new colleagues from 42Crunch at our all-hands in Ireland and I couldn’t be more excited that there’s something special that we’re building here. Setting aside that Cork and Kinsale are some of the prettiest places I’ve ever visited, I was able to see how passionate […]

Sua empresa não tem alternativa: Proteger as APIs da forma correta passa a ser uma obrigação

May 18, 2022

O grande susto Um amigo comentou comigo um episódio interessante: Telefonaram para ele dizendo que era um canal de nível oito de seu banco, confirmando dados como endereço, nome de mãe e pai, cônjuge, filhos etc, dizendo que existiam transações suspeitas, e que a conta dele havia sido invadida e ele precisava ligar urgentemente para […]

How to Extend Protection of your Data from API to Mobile Application

March 8, 2022

This webinar presents the new integration of 42Crunch with comprehensive mobile app protection from Approov. A joint solution that delivers shift-left API protection as well as run-time shielding that extends all the way to your mobile apps and the environments they run in.

Why Developer-First API Security is Prevailing in Enterprise

March 7, 2022

Why Developer-First API Security is Prevailing in Enterprise. The DevSecOps movement has led to a distinct “shift-left” in the enterprise where tasks are moved earlier in the development cycle so that developers can directly address production concerns as the code is being written. Companies are realizing greater business benefits from this shift-left approach, with accelerated […]

Protección efectiva de sus APIs y Microservicios

November 4, 2021

Tus APIs están en riesgo, punto! Muchas organizaciones tienen la epifanía de que tener los componentes tradicionales como WAF y las capacidades tradicionales de los API Gateways son suficientes para que estén protegidas, pero no lo están.

Diseñando API seguras usando la plataforma 42Crunch con Postman

November 2, 2021

Diseñando APIs seguras usando la plataforma 42Crunch con Postman

42Crunch and Cisco Collaborate to Drive API Security Forward and to Increase Cloud Protection

October 11, 2021

October 11, San Francisco, CA – Today at KubeCon, 42Crunch, the Developer-First API security platform company, announced their collaboration with Cisco to provide the developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection. APIs are increasingly a favorite target for hackers seeking to compromise cloud environments […]

Application Security Tools Are Not up to the Job of API Security

October 5, 2021

The last two decades have seen a proliferation of software (according to GitHub there has been a 35% increase in code repositories in 2020 alone) into every aspect of our lives in the form of web or mobile applications. Adversaries have increasingly attacked these applications, and defenders have adopted various testing tools and technologies to […]

42Crunch and Postman See Growth of Shift-Left Adoption for API Security by Enterprise

June 23, 2021

42Crunch poll reveals that a third of developers are now implementing security testing at the start of the API design lifecycle.  33% of developers implementing security after the coding stage. 34% of developers implement security either before or after production deployment. San Francisco, CA  – June 24, 2021 – 42Crunch, the API Security platform vendor, […]

Integrating 42Crunch API Contract Security Testing within Postman

June 17, 2021

Kin Lane, chief Evangelist with Postman recently joined Isabelle Mauny, Field CTO at 42Crunch for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs.

Strengthening Your API Security Posture – Ford Motor Company

March 31, 2021

LOSING MY RELIGION: Successful and unsuccessful approaches to API Security in a global enterprise – A take on Ford Motor Company’s approach to API security and the journey to enforce security compliance while ensuring productivity of thousands of developers managing thousands of APIs. The Cybersecurity Snowball Effect With development Communities and product teams, there are […]

42Crunch Publishes New OpenAPI Security Audit Plugins for Eclipse, IntelliJ, PyCharm

December 15, 2020

IRVINE, CA, DECEMBER 15, 2020 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the release of new IDE OpenAPI (Swagger) editing plugins for both Eclipse and JetBrains family of IDEs including IntelliJ and PyCharm. 42Crunch’s free OpenAPI security audit plugins simplify REST API development by delivering features such […]

Why knowing is better than guessing for API Threat Protection

October 25, 2020

Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom make them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs ) have […]

OAuth, OWASP, Gateways and Meshes – Oh my!

September 24, 2020

To consider and apply API security effectively, we need to understand where we are and where we need to go. We need to know the tools we have available and who our allies are. Finally, we need a clear path and priorities on what we can accomplish and how. In this webinar, we’ll lay out a reference architecture to ensure we understand the scope, challenges, and approach to secure your APIs and organization as a whole.

OpenAPI for API Security (Why Guess when you know?)

July 23, 2020

According to the State of the APIs report released by Smartbear in 2019, 80% of developers use OpenAPI to describe their APIs (you may still call it Swagger, but you really should call it OpenAPI now!)

42Crunch approach vs. Traditional WAF approach: using positive security by default

June 20, 2020

When talking to prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way […]

Fixing API Security Issues identified in the Audit Report

May 31, 2020

Tutorials In our previous tutorial, we took a look at the audit report from API Contract Security Audit. This one proceeds onto fixing the issues found in the audit and see how we can iteratively work on our OpenAPI / Swagger definition. Navigating Issues The best place to start are the high priority issues, they […]

42Crunch Security Audit for WSO2 API Manager 3.1

May 28, 2020

WSO2 API Manager 3.1 brings a lot of interesting features including the ability to run 42Crunch’s audit tool directly from the API Publishing portal.

Questions Answered: Top API Security Issues Found During POCs

May 26, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “Top API Security Issues Found During POCs” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”POCs-Webinar”]     Is […]

Questions Answered: The Anatomy of Four API Breaches

May 4, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “The Anatomy of Four API Breaches” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”Anatomy-API-Breach”]   Does the implementation […]

REST API Security for Microsoft Azure Pipelines

March 25, 2020

Security is an important topic in software development. Unfortunately, security is usually considered too late in software development, and especially in the API lifecycle. Waiting until software and APIs are in production before addressing security concerns can be a severe risk to your organization. Did you know that vulnerabilities found in production cost up to 30x time and money more to fix?

Protecting Microservices APIs with 42Crunch API Firewall

February 2, 2020

In loosely coupled architectures, we must put in place application level security, should it be for client traffic (North-South) or intra-microservices traffic (East-West).

42Crunch API Firewall and API Management: why you need both!

January 29, 2020

Every day, new breaches show us that we still have a long way to go with API security. In order to protect APIs, enterprises need to take a holistic approach, which includes the following: Securing the infrastructure: OS configuration, network configuration as well as containers. Properly configuring application servers: enforce TLS 1.2/1.3, remove weak cipher […]

Questions Answered: Positive Security for APIs Webinar

December 16, 2019

You had questions, and we’ve got answers! Thank you for all the questions submitted on the Positive Security for APIs: What it is and why you need it! We couldn’t get to all of them so we wanted to follow-up with a full list of all the Q&A – and the slide deck as well! [xyz-ihs […]

Positive API Security Model, and Why You Need It!

December 10, 2019

Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation.

Questions Answered: OWASP API Security Top 10 Webinar

November 22, 2019

You had questions, and we’ve got answers! Thank you for all the questions submitted on the OWASP API Security Top 10 webinar on Nov 21. We couldn’t get to all of them so we wanted to follow-up with a full list of all the Q&A – and the slide deck as well! [xyz-ihs snippet=”OWASP-webinar”]   […]

API Security is not Web Application Security!

September 17, 2019

When we started 42Crunch 3 years ago, we were convinced that a new market segment would emerge: API security. And the market is now catching up with our vision! This is exemplified by the recent release of the OWASP Top 10 for API Security threats document, which highlights threats that do not apply to traditional […]

Revolutionizing API Security – 42Crunch + Digital Anarchist

August 22, 2019

42Crunch CEO, Jacques Declas, sat down with Alan Shimel of Digital Anarchist at this year’s RSA APJ show to discuss new trends in API Security, DevSecOps, and what tools you need to keep up!   [Alan Shimel] Hey everyone, it’s Alan Shimel for DevOps.com Security Boulevard. We’re here in Singapore at RSA APJ. We’re right […]

42Crunch Announces Full Kubernetes Support to Automate Zero-Trust API Security Across Microservices Architecture

July 15, 2019

42Crunch Allows Organizations to Extend Comprehensive API Security Beyond the Edge, to Each and Every Container in Kubernetes Environments SINGAPORE, JULY 16, 2019 — Today at RSA Asia Pacific & Japan 2019, API security leader and creator of the industry’s first API Firewall – 42Crunch – announced the latest release of its API security platform […]

Enhance Your DevSecOps Experience with the 42Crunch API Security Platform

June 26, 2019

The 42Crunch platform offers DevSecOps teams a unique set of integrated API security tools which allow discovery, remediation of OpenAPI vulnerabilities and runtime protection against API attacks. The 42Crunch June 2019 release introduces an updated, easy to use UI along with key enhancements to API contract security audit reports, full user management for organization administrators, […]

Hot off the press: the OWASP API Security Top 10 list!

June 18, 2019

Last week, a new OWASP project was launched at the Global AppSec conference in Tel Aviv: the API Security Top 10 list. The project information and initial Top 10 list were presented by Erez Yalon (Checkmarx) and Inon Shkedy and you can download the presentation PDF. We have also created an OWASP API Security Top […]

API Security: separating truth from fiction

April 16, 2019

Where is the truth and what’s the fiction ? In this webinar Alexei Balaganski, Lead Analyst at Kuppinger Cole and myself contrasted our experience with customers and prospects and came up with a list of facts and fictions about API security. We both have seen a surge of interest in API security after a challenging […]

42crunch and CriticalBlue announce partnership

November 26, 2018

London – Nov 21, 2018 – Today, at the API Security For Open Banking Summit, 42Crunch, the leading backend API security platform and CriticalBlue, provider of Approov, the leading frontend mobile API security solution, announced that they are now offering enterprise customers with an end-to-end API protection service. 42Crunch and CriticalBlue were both named Cool Vendors […]

Token Management Security Best Practices

November 19, 2018

We recently participated to the DZone mobile apps development guide to highlights some of the key best practices when dealing with API keys and tokens. Below is an excerpt, the full article is available on DZone! Modern applications, both  web-based and native, rely on APIs on the backend to access protected resources. To authorise access […]

42Crunch launches APISecurity.io, hires Dmitry Sotnikov as the VP of Cloud Platform

November 5, 2018

IRVINE, CA, USA, November 5, 2018 — 42Crunch announced today that it has launched APISecurity.io, an online API Security hub that includes, for example, a weekly newsletter, industry news, information on recent breaches and vulnerabilities, standards, regulations, and tools. APISecurity.io provides API developers the much needed single source for up-to-date and relevant information around API […]

API Security FAQ : the top 5 questions we answered at the APIWorld conference!

October 10, 2017

The APIWorld conference came to end last week. This was the first public preview of our platform! We had a blast talking to many attendees and presenting at the event. This also gave us the opportunity to address a few common questions relative to API security and our product. 1. I have seen 3 vendors […]

Start acting on API Security today!

July 25, 2017

APIs are the access doors to your enterprise assets and the backbone of pretty much any application that has been written in recent years. While most companies apply token-based access to APIs with OpenIDConnect and OAuth, there are still many aspects of security which are not properly covered for APIs such as common injection attacks, […]

Why do we need the A10 entry in the OWASP Top 10?

July 18, 2017

Without any doubt, APIs have redefined the enterprise architecture landscape by becoming the building blocks of internal and external enterprise applications. APIs are now the entry point into most architectures, much like servlets and JSPs were in the application server era. APIs give access to a wide range of applications, systems, databases and now things with […]