WEBINAR: 42Crunch Platform Demo: No PowerPoint, no BS, just ACTION!

Here’s the deal… The 42Crunch solution lets you describe security as code as part of your OpenAPI specification files, allowing you to entirely automate the API security process, from the very beginning of the API lifecycle. Developers can simply annotate their API contracts to describe the required security policies and we process those annotations to […]



WEBINAR: Positive Security for APIs – What it is and why you need it!

Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation. Here are a few illustrative real-life examples of this: Drupal suffered a major issue in February 2019: a remote code execution flaw […]



Positive Security for APIs: what it is and why you need it!

When visiting prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way to […]



WEBINAR: The OWASP API Security Top 10

In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API […]



Deploying DevSecOps for APIs: a tale of shifting left…

DevSecOps is a hot topic at the moment, and particularly relevant when dealing with API development. APIs are growing at an exponential rate: not only are they the backbone of any application, but microservices architectures imply exposing internal APIs for every microservice or group of microservices. The average number of APIs to protect within an […]



Thank You for Joining Us at API World

We hope that you have had some time to catch up from API World last week! Thank you for stopping by our booth and sessions. Below are a few things that you may be interested in: 42Crunch Collateral: OWASP API Security Top 10 Cheat Sheet: http://bit.ly/2Bcjoms 42Crunch Overview: http://bit.ly/2MECCXe Presentation Slides: The Dev, Sec […]



Addressing Harbor Registry Vulnerability with 42Crunch

Hot from the press! There is a mass assignment vulnerability in the Harbor registry. Mass assignment is entry A6 on the OWASP API Security Top 10 list. A6 is described in the OWASP API Security Top 10 as: An API endpoint is vulnerable if it automatically converts client parameters into internal object properties without considering […]
