Tutorials

API Security & Conformance Scan using OpenAPI Swagger Editor Extension in VS Code

A dynamic security scan that tests your running API for conformance to its design (the OpenAPI contract) and for security vulnerabilities such as BOLA and BFLA. The tutorial videos below apply to all the supported IDEs. API Scan is also available on the 42Crunch Platform and in CI/CD platforms such as GitHub Actions and Azure DevOps.

Activate API Scan

You can run the dynamic API Scan security test locally on your machine without having to share the API with anyone. Activation differs slightly between free and paying customers; refer to the relevant video below.

Paying Customers

Free Customers

Overview of the Scan Configuration Viewer

Explanation of the scan configuration viewer, where you configure and run your scan tests.

Running your first API Scan

Learn how to configure and run your first API Scan and read the results.

Use Variable Substitution

Variable substitution is a powerful feature that lets you change request and response values dynamically, for example by reusing a value returned by one operation in a later request.

Setup Dynamic API Authentication

Authentication credentials such as an OAuth token or an API key may be required in order to test your API. Find out how to configure the scan for dynamic authentication.

API Happy Path Scenarios

You can add additional operations and requests to your scan configuration scenario to create more complex test scenarios. Take a look at the video explainer.

Setup and Teardown using Global Blocks

Set up and tear down test resources, or create the test state the API needs, using before and after blocks: for example, create a new test user account in a before block, run the tests, and then delete that user in an after block.

Test for Broken Authorization

Find out how to test your APIs for authorization vulnerabilities such as OWASP API1:2023 Broken Object Level Authorization (BOLA) and OWASP API5:2023 Broken Function Level Authorization (BFLA) using the 42Crunch API Scan tool.
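The following is an added example, not 42Crunch code and not the API Scan configuration format. It illustrates the logic behind the setup/teardown and broken-authorization tutorials above: a before block creates the test users, a happy-path request establishes a known-good object, the BOLA and BFLA probes replay that request with the wrong user's credentials, and an after block removes everything that was created. The in-memory API, its routes, the tokens and the `enforce` switch are all constructed for the example.

```python
"""BOLA/BFLA probes with setup and teardown against a constructed in-memory API.

Added example: not 42Crunch code and not the API Scan configuration format.
The API, its routes and the tokens are constructed for illustration only.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class InMemoryApi:
    """Tiny API: users with roles, and orders owned by a user.

    enforce=False reproduces two classic bugs: GET /orders/{id} ignores the
    owner (BOLA) and DELETE /users/{id} ignores the caller's role (BFLA).
    """
    enforce: bool = True
    users: dict = field(default_factory=dict)   # token -> {"id", "role"}
    orders: dict = field(default_factory=dict)  # order id -> owner id
    _next: int = 1

    def handle(self, method, path, token=None, body=None):
        user = self.users.get(token)
        parts = path.strip("/").split("/")
        # Unauthenticated bootstrap route, used only by the setup block (constructed).
        if (method, parts[0]) == ("POST", "users"):
            tok = secrets.token_hex(8)
            uid = f"u{self._next}"
            self._next += 1
            self.users[tok] = {"id": uid, "role": (body or {}).get("role", "user")}
            return 201, {"id": uid, "token": tok}
        if user is None:
            return 401, {"error": "unauthenticated"}
        if (method, parts[0]) == ("POST", "orders"):
            oid = f"o{self._next}"
            self._next += 1
            self.orders[oid] = user["id"]
            return 201, {"id": oid}
        if (method, parts[0], len(parts)) == ("GET", "orders", 2):
            owner = self.orders.get(parts[1])
            if owner is None:
                return 404, {}
            if self.enforce and owner != user["id"]:   # object-level check
                return 403, {"error": "forbidden"}
            return 200, {"id": parts[1], "owner": owner}
        if (method, parts[0], len(parts)) == ("DELETE", "users", 2):
            if self.enforce and user["role"] != "admin":  # function-level check
                return 403, {"error": "forbidden"}
            self.users = {t: u for t, u in self.users.items() if u["id"] != parts[1]}
            return 204, {}
        return 404, {}


def _expect(status, wanted, what):
    """Fail the happy path loudly: a probe is meaningless if the baseline fails."""
    if status != wanted:
        raise RuntimeError(f"{what}: expected {wanted}, got {status}")


def run_authorization_checks(api):
    """Setup, happy path, BOLA/BFLA probes, teardown. Returns a list of findings."""
    findings = []
    # Before block: two ordinary users and one admin for the teardown.
    _, alice = api.handle("POST", "/users")
    _, bob = api.handle("POST", "/users")
    _, admin = api.handle("POST", "/users", body={"role": "admin"})
    try:
        # Happy path: alice creates an order and can read it back.
        status, order = api.handle("POST", "/orders", token=alice["token"])
        _expect(status, 201, "POST /orders")
        status, _ = api.handle("GET", f"/orders/{order['id']}", token=alice["token"])
        _expect(status, 200, "GET own order")
        # BOLA probe: a valid but different user asks for alice's object.
        status, _ = api.handle("GET", f"/orders/{order['id']}", token=bob["token"])
        if status < 400:
            findings.append("BOLA: GET /orders/{id} served another user's object")
        # BFLA probe: a non-admin calls the admin-only delete operation.
        status, _ = api.handle("DELETE", f"/users/{alice['id']}", token=bob["token"])
        if status < 400:
            findings.append("BFLA: DELETE /users/{id} allowed for a non-admin")
        # Missing-authentication probe: no credential at all.
        status, _ = api.handle("GET", f"/orders/{order['id']}")
        if status < 400:
            findings.append("missing authentication on GET /orders/{id}")
    finally:
        # After block: remove every test user, admin last so the token still works.
        for u in (alice, bob, admin):
            api.handle("DELETE", f"/users/{u['id']}", token=admin["token"])
    return findings


if __name__ == "__main__":
    print("hardened:", run_authorization_checks(InMemoryApi(enforce=True)))
    print("vulnerable:", run_authorization_checks(InMemoryApi(enforce=False)))
```

The probes deliberately use a second valid credential rather than no credential: a 401 on an unauthenticated request says nothing about authorization, and BOLA and BFLA only show up when an authenticated caller reaches an object or function that is not theirs. The teardown runs in a `finally` block so a failed happy path still leaves no test accounts behind.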

Latest Resources

WEBINAR

Review of Major API Security Breaches from H1 2024

In this latest webinar, Anthony Lonergan reviews some of the most recent high-profile API breaches that occurred in 2024.
Anthony gives a detailed overview of each attack and explains how the different vulnerabilities could be exploited to compromise the companies involved. He then practically demonstrates how companies can remediate these vulnerabilities in order to better protect their APIs.

BLOG

The Scourge of SQL Injection for APIs

By Anthony Lonergan | June 25, 2024

In a report published in May 2024, cybersecurity firm Eclypsium outlined key vulnerabilities discovered in the F5 BIG-IP Next device. It’s another sobering reminder of the challenges faced in securing APIs when a highly regarded security company like F5 launches a new flagship product with all-too-familiar vulnerabilities […]

DataSheet

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.