API Security Tutorials
Learn more about how to use the 42Crunch platform and free tools!

OpenAPI Swagger Editor

OpenAPI Swagger Extension VS Code

API Security Audit using OpenAPI Swagger Extension VS Code

Our previous tutorial used the built-in Security Editor in 42Crunch Platform to fix audit issues in the OpenAPI (formerly Swagger) definition. In this one, we do the same thing but in Microsoft Visual Studio Code (VS Code) using the 42Crunch OpenAPI extension. Extension Overview: Below is an example of the 42Crunch OpenAPI (Swagger) extension for VS Code. If you do not already have it, just go to Extensions and search for...

Platform Overview

API Security Platform Overview

Welcome to our tutorials on 42Crunch Platform. Start with a quick overview of how to get started, and the general dashboard layout. The subsequent tutorials go deeper into each and every function of the platform. Login and Dashboard: To log into the platform, go to https://platform.42crunch.com/login. A successful login takes you to your dashboard and the landing page of the platform. From here you can immediately start creating API...

OpenAPI (Swagger) specification Security Audit on the 42Crunch Platform

Now that you have had an overview of the platform, let's get started by importing an API for security audit. Importing APIs: To import an OpenAPI (formerly Swagger) definition, click Import API (1) to upload your JSON file. These files contain all the basic information and documentation on how your API functions. As mentioned in the platform overview tutorial, (2) APIs are grouped into collections. If you have not yet created a...

OpenAPI (Swagger) specification Audit Report explained

In our previous tutorial, we created an API collection, and imported and audited an OpenAPI (Swagger) definition file. Now we are going to drill into the report and walk you through how to get the most out of it. Viewing Checks: API Contract Security Audit is a static analysis of your OpenAPI (Swagger) file using OpenAPI Specification. We run 300+ checks on your API definition, and you can...

Fixing API Security Issues identified in the Audit Report

In our previous tutorial, we took a look at the audit report from API Contract Security Audit. This one proceeds to fixing the issues found in the audit and shows how we can iteratively work on our OpenAPI / Swagger definition. Navigating Issues: The best place to start is the high-priority issues; they are the fastest way to improve the audit score. For example, in the audit report,...

API Security Testing with API Scan

Now that we have reviewed and locked down our contract, we are going to perform a conformance scan. Dynamic Testing: API Contract Conformance Scan is a dynamic runtime analysis of your API to check that the behavior of the API conforms to the contract it advertises in its OpenAPI (formerly known as Swagger) definition. You can run a scan on an API you have imported to 42Crunch Platform and...

API Protect Micro API Firewall

In previous tutorials, we have covered static analysis with the API security audit and dynamic testing with conformance scan - now it's time to discuss protection. Protection Overview: The Protection function is real-time protection of live APIs. You put our API firewall in the line of traffic. It's an extremely efficient piece of software that we ship as a Docker image. It's been written in C, is highly optimized, less...

API Protect Micro API Firewall Reports and Troubleshooting

You've seen how 42Crunch can protect your APIs and microservices - now let's review reporting. Viewing Transaction Logs: At any time, you can click on transaction logs to view all failed transactions found by the conformance scan and review the full list. Look up a Specific Error: So one thing that I want to show first is how you can troubleshoot and see that specific transactions that get blocked....