API Testing

Hacking APIs for Fun & Profit

October 6, 2022

Join Colin Domoney, Developer Advocate at 42Crunch in discussion with Adrian and Bogdan Tiron, Managing Partners at FORTBRIDGE as they discuss their careers as pen testers, and in particular their recent experiences in testing and exploiting API-based products.

42Crunch API Security Platform March 2021 Release

March 23, 2021

Today we are happy to announce the global availability of the latest version of the 42Crunch API Security Platform. We have updated our community deployment used by thousands of API developers worldwide, our IDE plugins, online tools, and deployments used by our enterprise customers. Below is a summary of the biggest new features and improvements. […]

Creating High Quality OAS Definitions with Springfox – Part 1: Security Definitions

March 9, 2021

Spring Boot is a popular framework to build applications and APIs. Leveraging the Springfox project and code annotations, developers can generate OAS files with a high 42Crunch Security Audit score. What is the 42Crunch Security Audit? The 42Crunch Security Audit is one of 3 services from the 42Crunch API Security Platform: it consumes OpenAPI (Swagger) […]

42Crunch Publishes New OpenAPI Security Audit Plugins for Eclipse, IntelliJ, PyCharm

December 15, 2020

IRVINE, CA, DECEMBER 15, 2020 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the release of new IDE OpenAPI (Swagger) editing plugins for both Eclipse and JetBrains family of IDEs including IntelliJ and PyCharm. 42Crunch’s free OpenAPI security audit plugins simplify REST API development by delivering features such […]

Why knowing is better than guessing for API Threat Protection

October 25, 2020

Why do we need different solutions for API Threat protection? APIs are becoming a hot target for hackers. Analysts and cyber security specialists agree that the privileged position of APIs as the open doors to the enterprise kingdom make them a favorite to breach. For the past 20 years, Web Application Firewalls (WAFs ) have […]

VS Code OpenAPI (Swagger) Editor Surpasses 100k Installs!

October 19, 2020

Our OpenAPI (Swagger) Editor for VS Code has reached over 100,000 installs! A year ago we released our VS Code OpenAPI (Swagger) Editor with the idea of making developers lives EASIER when it came to editing security in their OpenAPI / Swagger files. This month we surpassed 100k installs and wanted to say THANK YOU!! […]

42Crunch Releases OpenAPI Static Security Audit in GitHub Code Scanning

October 7, 2020

IRVINE, CA, OCTOBER 7, 2020 — Today, the API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of its REST API Static Security Testing with  GitHub code scanning. By adding 42Crunch to code scanning, developers can include REST API OpenAPI / Swagger definitions within static security tests. Most of […]

Questions Answered: OpenAPI for API Security

July 23, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our webinar: “OpenAPI for API Security – Why guess when you know?!” Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   Webinar: OpenAPI for […]

Questions Answered: Let’s shift API security left – sure, but how?

June 29, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our webinar: “Let’s shift API security left – sure, but how?” Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”Webinar-Lets-Shift-API-Security-Left”]   Don’t […]

42Crunch approach vs. Traditional WAF approach: using positive security by default

June 20, 2020

When talking to prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way […]

42Crunch Launches New REST API Static Security Testing Extension for Bitbucket Pipelines

June 16, 2020

IRVINE, CA, JUNE 16, 2020 — Today, the API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Atlassian’s code collaboration and CI/CD solution, Bitbucket Pipelines. This extension enables companies to easily enforce secure API design right from their CI/CD […]

Questions Answered: 42Crunch Security Audit for WSO2 API Manager 3.1

June 1, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “42Crunch Security Audit for WSO2 API Manager 3.1” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”WSO2-Webinar”]     […]

Questions Answered: Top API Security Issues Found During POCs

May 26, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “Top API Security Issues Found During POCs” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”POCs-Webinar”]     Is […]

Questions Answered: The Anatomy of Four API Breaches

May 4, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “The Anatomy of Four API Breaches” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”Anatomy-API-Breach”]   Does the implementation […]

Questions Answered: REST API Security by Design with Azure Pipelines

March 26, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “REST API Security by Design with Azure Pipelines” webinar. Below are all the answers to the questions that were asked. If you’d like more information please feel free to contact us. REST API Security for Microsoft Azure Pipelines. Watch Webinar REST […]

42Crunch Launches New REST API Static Security Testing Extension for Azure Pipelines 

March 18, 2020

Enables Azure DevOps customers to extend their DevSecOps practices to REST APIs IRVINE, CA, MARCH 18, 2020 — Today, the API security leader and creator of REST API DevSecOps tooling and the industry’s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Microsoft Azure Pipelines. This extension […]

42Crunch Adds Self Registration and Low-cost Tiers to API Security Platform

February 25, 2020

42Crunch Democratizes API Security by Adding Self Registration, Free and Low-Cost Tiers to Their Comprehensive API Security Platform   SAN FRANCISCO, FEBRUARY 25, 2020 — Today at the RSA Conference, API security leader and creator of the industry’s first API Firewall – 42Crunch – announced the launch of its new self-registration feature for their API […]

Questions Answered: Protecting Microservices APIs with 42Crunch API Firewall

February 24, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “Protecting Microservices APIs with 42Crunch API Firewall” webinar. Below are all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”Protecting-microservices”]     Can the sidecar be […]

Questions Answered: Are you properly using JWTs?

February 3, 2020

You had questions, and we’ve got answers! Thank you for all the questions submitted on our “Are you properly using JWTs?” webinar. Below are all the answers to the questions that were asked. If you’d like more information please feel free to contact us.   [xyz-ihs snippet=”Jwt-webinar”]     Is it considered safe if the […]

42Crunch Adds API Security Audit to its Visual Studio Code OpenAPI Extension

October 9, 2019

SAN JOSE, OCTOBER 9, 2019 — Today at API World, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of REST API Security Audit functionality in its popular OpenAPI extension for Microsoft Visual Studio Code — making it easier than ever to enable a DevSecOps process for API security. […]

Addressing Harbor Registry Vulnerability with 42Crunch

September 24, 2019

Hot from the press! There is a mass assignment vulnerability in the Harbor registry. Mass assignment is entry A6 on the OWASP API Security Top 10 list. A6 is described in the OWASP API Security Top 10 as: An API endpoint is vulnerable if it automatically converts client parameters into internal object properties without considering […]

New API Firewall Non-blocking Mode in Latest 42Crunch Release

September 12, 2019

The 42Crunch August 2019 release introduces a new API firewall non-blocking mode so you can test how it affects your existing API traffic without impacting consumers, a deeper integration between the security audit and editor for seamless navigation, and an enhanced audit issue view for faster editing. (See the release notes for additional details on full list […]

42Crunch Adds OpenAPI Editing Tools to its API Security Platform

August 6, 2019

Enables Any Developer to Become a Security Expert and the Driving Force Of API Security  IRVINE, AUGUST 6, 2019 — Today, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the latest release of its API security platform with enhanced tools for developers to easily define security in OpenAPI contracts — […]

Enhance Your DevSecOps Experience with the 42Crunch API Security Platform

June 26, 2019

The 42Crunch platform offers DevSecOps teams a unique set of integrated API security tools which allow discovery, remediation of OpenAPI vulnerabilities and runtime protection against API attacks. The 42Crunch June 2019 release introduces an updated, easy to use UI along with key enhancements to API contract security audit reports, full user management for organization administrators, […]

APIsecurity.io adds API Security issues and a free API Contract Security Audit service

February 13, 2019

LONDON, UK, February 13, 2019 — API Contract Security Audit is a free online tool that lets developers and security professionals upload their OpenAPI definition files and get a detailed security assessment on the potential risks that their APIs might have. Each issue in the report shows the specific place in the API contract that […]

Start acting on API Security today!

July 25, 2017

APIs are the access doors to your enterprise assets and the backbone of pretty much any application that has been written in recent years. While most companies apply token-based access to APIs with OpenIDConnect and OAuth, there are still many aspects of security which are not properly covered for APIs such as common injection attacks, […]