API Security
Two of the API security industry’s leading experts, Dr Philippe de Ryck and Isabelle Mauny, guide you through some real-world cases of API security attacks and also share some best practices for securing your APIs.
October 24, 2023 – Santa Clara, CA. Today at API World, 42Crunch, the API Security Platform vendor, announced that it now has 1 million developers leveraging its API security tools to secure their APIs. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside their preferred Integrated Development Environments (IDE), […]
Many early adopters have chosen to tackle the API security problem with traffic analysis tools that use AI/ML to discover known and unknown APIs and identify suspected attacks. Yet these companies are now telling us they’re inundated with false positives, and feel no closer to addressing the core issue of having vulnerable APIs.
42Crunch’s Colin Domoney takes a look at the new OWASP API Security 2023 listing, identifying which vulnerabilities are new, which have not changed and which have been removed.
Isabelle Mauny (Field CTO) and Colin Domoney (Chief Technology Evangelist) from 42Crunch as they take a deep dive with live demos into how 42Crunch combines with GitHub to facilitate secure API development.
Enterprise Management Associates’ recent survey of technology and business leaders in North America revealed that 32% of firms admitted to only implementing API security standards in their production environment. Join industry experts from EMA Associates and 42Crunch as they explore why business cannot let API Security to be an afterthought.
Webinar showcasing how 42Crunch’s API Audit and API Scan tools integrate within VS Code allowing developers to instantly audit and test their APIs as they code.
“I want security, yeah Without it I had a great loss, no now Security, yeah And I want it at any cost …” (Otis Redding, 1964) Otis Redding may well have been singing about the love for another in these famous lines, but taken literally, his message will resonate with any company that has recently […]
42Crunch Expands Collaboration with Microsoft by Joining Microsoft Intelligent Security Association Collaboration Consolidates End-to-End API Security Experience for the Enterprise San Francisco, January 10, 2023 – 42Crunch, the Developer First API Security platform company, announced today that it has joined the Microsoft Intelligent Security Association (MISA), a group of security technology providers who have integrated their […]
42Crunch is the first API Security platform vendor to join the Microsoft Intelligent Security Association (MISA). By combining Microsoft Sentinel’s intelligent analytics with 42Crunch’s API design and run-time security controls enterprises gain a holistic view of their API security program.
500,000 API Developers secure APIs as they develop from inside their favorite IDEs 19 September, 2022 – San Francisco, API Specifications Conference (ASC) – 42Crunch, the Developer First API Security platform company, announced today at ASC the availability of the platform’s API Scan service inside the leading IDEs for developers. With over 500,000 developers already […]
Colin Domoney from 42Crunch, in his recent article on DevOps.com, addresses the disconnect between development and security teams and explains the key challenges facing developers in creating secure API code. Better understanding of the challenges on both sides can help create greater empathy which in turn can help foster greater collaboration. “..Security teams have always […]
JUNE 7, 2022 – National Harbor, Maryland. Today at the Gartner Security & Risk Management Summit, 42Crunch, the Developer-First API Security Platform vendor, announced that it has over 450,000 developers now using its API Security tools. 42Crunch makes it easy for developers to use its OpenAPI security tools from directly inside the market leading Integrated Development […]
Isabelle Mauny from 42Crunch takes a high level look at the different problems facing APIs today and gives some recommendations in her article on APIscene.io The idea of this article is to serve as an introduction to API security. We’ll look from a high-level view at all the different problems that are stacking up around […]
Earlier this month I had the chance to join my new colleagues from 42Crunch at our all-hands in Ireland and I couldn’t be more excited that there’s something special that we’re building here. Setting aside that Cork and Kinsale are some of the prettiest places I’ve ever visited, I was able to see how passionate […]
O grande susto Um amigo comentou comigo um episódio interessante: Telefonaram para ele dizendo que era um canal de nível oito de seu banco, confirmando dados como endereço, nome de mãe e pai, cônjuge, filhos etc, dizendo que existiam transações suspeitas, e que a conta dele havia sido invadida e ele precisava ligar urgentemente para […]
This webinar presents the new integration of 42Crunch with comprehensive mobile app protection from Approov. A joint solution that delivers shift-left API protection as well as run-time shielding that extends all the way to your mobile apps and the environments they run in.
Why Developer-First API Security is Prevailing in Enterprise. The DevSecOps movement has led to a distinct “shift-left” in the enterprise where tasks are moved earlier in the development cycle so that developers can directly address production concerns as the code is being written. Companies are realizing greater business benefits from this shift-left approach, with accelerated […]
Tus APIs están en riesgo, punto! Muchas organizaciones tienen la epifanía de que tener los componentes tradicionales como WAF y las capacidades tradicionales de los API Gateways son suficientes para que estén protegidas, pero no lo están.
Diseñando APIs seguras usando la plataforma 42Crunch con Postman
October 11, San Francisco, CA – Today at KubeCon, 42Crunch, the Developer-First API security platform company, announced their collaboration with Cisco to provide the developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection. APIs are increasingly a favorite target for hackers seeking to compromise cloud environments […]
The last two decades have seen a proliferation of software (according to GitHub there has been a 35% increase in code repositories in 2020 alone) into every aspect of our lives in the form of web or mobile applications. Adversaries have increasingly attacked these applications, and defenders have adopted various testing tools and technologies to […]
42Crunch poll reveals that a third of developers are now implementing security testing at the start of the API design lifecycle. 33% of developers implementing security after the coding stage. 34% of developers implement security either before or after production deployment. San Francisco, CA – June 24, 2021 – 42Crunch, the API Security platform vendor, […]
Kin Lane, chief Evangelist with Postman recently joined Isabelle Mauny, Field CTO at 42Crunch for a webinar to demonstrate how enterprises are automating the testing of API security for all their APIs.
LOSING MY RELIGION: Successful and unsuccessful approaches to API Security in a global enterprise – A take on Ford Motor Company’s approach to API security and the journey to enforce security compliance while ensuring productivity of thousands of developers managing thousands of APIs. The Cybersecurity Snowball Effect With development Communities and product teams, there are […]
IRVINE, CA, DECEMBER 15, 2020 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the release of new IDE OpenAPI (Swagger) editing plugins for both Eclipse and JetBrains family of IDEs including IntelliJ and PyCharm. 42Crunch’s free OpenAPI security audit plugins simplify REST API development by delivering features such […]
Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom make them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs ) have […]
To consider and apply API security effectively, we need to understand where we are and where we need to go. We need to know the tools we have available and who our allies are. Finally, we need a clear path and priorities on what we can accomplish and how. In this webinar, we’ll lay out a reference architecture to ensure we understand the scope, challenges, and approach to secure your APIs and organization as a whole.
According to the State of the APIs report released by Smartbear in 2019, 80% of developers use OpenAPI to describe their APIs (you may still call it Swagger, but you really should call it OpenAPI now!)
When talking to prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way […]
This tutorial illustrates how to fix issues found in the API security audit and shows you how to iteratively update your OpenAPI definition.
WSO2 API Manager 3.1 brings a lot of interesting features including the ability to run 42Crunch’s audit tool directly from the API Publishing portal.
You had questions, and we’ve got answers! Thank you for all the questions submitted on our “Top API Security Issues Found During POCs” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us. Is there a way to add […]
You had questions, and we’ve got answers! Thank you for all the questions submitted on our “The Anatomy of Four API Breaches” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us. [xyz-ihs snippet=”Anatomy-API-Breach”] Does the implementation […]
Security is an important topic in software development. Unfortunately, security is usually considered too late in software development, and especially in the API lifecycle. Waiting until software and APIs are in production before addressing security concerns can be a severe risk to your organization. Did you know that vulnerabilities found in production cost up to 30x time and money more to fix?
In loosely coupled architectures, we must put in place application level security, should it be for client traffic (North-South) or intra-microservices traffic (East-West).
Every day, new breaches show us that we still have a long way to go with API security. In order to protect APIs, enterprises need to take a holistic approach, which includes the following: Securing the infrastructure: OS configuration, network configuration as well as containers. Properly configuring application servers: enforce TLS 1.2/1.3, remove weak cipher […]
You had questions, and we’ve got answers! Thank you for all the questions submitted on the Positive Security for APIs: What it is and why you need it! We couldn’t get to all of them so we wanted to follow-up with a full list of all the Q&A – and the slide deck as well! [xyz-ihs […]
Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation.
You had questions, and we’ve got answers! Thank you for all the questions submitted on the OWASP API Security Top 10 webinar on Nov 2019. We couldn’t get to all of them so we wanted to follow-up with a full list of all the Q&A – and the slide deck as well! How do you […]
When we started 42Crunch 3 years ago, we were convinced that a new market segment would emerge: API security. And the market is now catching up with our vision! This is exemplified by the recent release of the OWASP Top 10 for API Security threats document, which highlights threats that do not apply to traditional […]
42Crunch CEO, Jacques Declas, sat down with Alan Shimel of Digital Anarchist at this year’s RSA APJ show to discuss new trends in API Security, DevSecOps, and what tools you need to keep up! [Alan Shimel] Hey everyone, it’s Alan Shimel for DevOps.com Security Boulevard. We’re here in Singapore at RSA APJ. We’re right […]
42Crunch Allows Organizations to Extend Comprehensive API Security Beyond the Edge, to Each and Every Container in Kubernetes Environments SINGAPORE, JULY 16, 2019 — Today at RSA Asia Pacific & Japan 2019, API security leader and creator of the industry’s first API Firewall – 42Crunch – announced the latest release of its API security platform […]
The 42Crunch platform offers DevSecOps teams a unique set of integrated API security tools which allow discovery, remediation of OpenAPI vulnerabilities and runtime protection against API attacks. The 42Crunch June 2019 release introduces an updated, easy to use UI along with key enhancements to API contract security audit reports, full user management for organization administrators, […]
Last week, a new OWASP project was launched at the Global AppSec conference in Tel Aviv: the API Security Top 10 list. The project information and initial Top 10 list were presented by Erez Yalon (Checkmarx) and Inon Shkedy and you can download the presentation PDF. We have also created an OWASP API Security Top […]
Where is the truth and what’s the fiction ? In this webinar Alexei Balaganski, Lead Analyst at Kuppinger Cole and myself contrasted our experience with customers and prospects and came up with a list of facts and fictions about API security. We both have seen a surge of interest in API security after a challenging […]
London – Nov 21, 2018 – Today, at the API Security For Open Banking Summit, 42Crunch, the leading backend API security platform and CriticalBlue, provider of Approov, the leading frontend mobile API security solution, announced that they are now offering enterprise customers with an end-to-end API protection service. 42Crunch and CriticalBlue were both named Cool Vendors […]
We recently participated to the DZone mobile apps development guide to highlights some of the key best practices when dealing with API keys and tokens. Below is an excerpt, the full article is available on DZone! Modern applications, both web-based and native, rely on APIs on the backend to access protected resources. To authorise access […]
IRVINE, CA, USA, November 5, 2018 — 42Crunch announced today that it has launched APISecurity.io, an online API Security hub that includes, for example, a weekly newsletter, industry news, information on recent breaches and vulnerabilities, standards, regulations, and tools. APISecurity.io provides API developers the much needed single source for up-to-date and relevant information around API […]
The APIWorld conference came to end last week. This was the first public preview of our platform! We had a blast talking to many attendees and presenting at the event. This also gave us the opportunity to address a few common questions relative to API security and our product. 1. I have seen 3 vendors […]
APIs are the access doors to your enterprise assets and the backbone of pretty much any application that has been written in recent years. While most companies apply token-based access to APIs with OpenIDConnect and OAuth, there are still many aspects of security which are not properly covered for APIs such as common injection attacks, […]
Without any doubt, APIs have redefined the enterprise architecture landscape by becoming the building blocks of internal and external enterprise applications. APIs are now the entry point into most architectures, much like servlets and JSPs were in the application server era. APIs give access to a wide range of applications, systems, databases and now things with […]