Tutorials

OpenAPI (Swagger) Security Audit on the 42Crunch Platform

Now that you have had an overview of the platform, let’s get started by importing an API for security audit.

Importing APIs

To import an OpenAPI (formerly Swagger) definition, click Import API (1) to upload your JSON file. These files contain all the basic information and documentation on how your API functions.

As mentioned in the platform overview tutorial, (2) APIs are grouped into collections. If you have not yet created a collection, you can do it when you upload the file, or choose an existing collection. (3) Click Browse to pick the JSON file you want to upload. The API name is pre-populated based on the name of the file, but you can change it if you want.

Click Import, and you are on your way to securing your API contract!

Tip: To automate importing OpenAPI / Swagger definitions, you integrate it with your CI/CD pipeline.

sec-audit-import (Custom)

Audit Results

When you import an API definition, API Contract Security Audit runs 300+ checks on it and returns a report in seconds. The audit is based on the security best practices of the industry standard, the OpenAPI Specification. Your API gets a score from 1 to 100 based on how secure it is (1) To view the details of the audit report and the found issues, click Read Report (2).

The audit report outlines all the issues in the well-formedness and security of your API definition, ranks the security risks by severity, and shows you how you can fix the found issues.

Updating API Definitions

If you change an OpenAPI (Swagger) definition you have already uploaded to 42Crunch Platform, you can update the changes to the platform as well. Click the gear on the right, and select (1) Update Definition. Click on Browse to pick your file, and click Upload Definition (2).

Tip: Again, to automate importing OpenAPI / Swagger definitions, you integrate it with your CI/CD pipeline.

update-definition (Custom)

Latest Resources

WEBINAR

Review of Major API Security Breaches from H1 2024

In this latest webinar, Anthony Lonergan, reviews some of the most recent high-profile API breaches that occurred in 2024.
Anthony will give a detailed overview of each attack and explain how the different vulnerabilities could be exploited to compromise the companies involved. He then practically demonstrates how companies can remediate against these vulnerabilities order to better protect their APIs.

BLOG

The Scourge of SQL Injection for APIs

By Anthony Lonergan | June 25, 2024

In a report published in May 2024, cybersecurity firm Eclypsium outlined key vulnerabilities discovered in the F5 Big IP Next device. It’s another sobering reminder of the challenges faced in securing APIs when a highly regarded security company like F5 launches a new flagship product with all-too-familiar vulnerabilities […]

DataSheet

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.

Get Started