BLOG

Questions Answered: REST API Security by Design with Azure Pipelines

You had questions, and we’ve got answers!

Thank you for all the questions submitted on our “REST API Security by Design with Azure Pipelines” webinar. Below are all the answers to the questions that were asked. If you’d like more information please feel free to contact us.

REST API Security forĀ Microsoft Azure Pipelines.Ā Watch Webinar

REST API Security for MicrosoftĀ Azure Pipelines Slide DeckĀ Download

I know this API Security Audit requires a Token to call it from VS Code, is there any limitation on the # of calls or licensing associated?

Neither the VS Code plugin nor the Azure DevOps extension have limits on the number of security audits run. However, there is a rate limit of 3 calls per minute from the same IP.Ā 

There is a difference in behavior of these two extensions though. The VS Code extension is a personal developer tool, so the report is only shown to the individual developer using it and not stored anywhere.

The Azure DevOps extension is publishing the reports to the central 42Crunch platform so your whole team can get access to them. Thus, the licensing limits of the 42Crunch subscription starts playing a role here. 42Crunch has a free tier up to 3 APIs and monthly subscription options beyond that.Ā The number of updates to these APIs or the number of times you call the platform for security testing is not limited.

 

Is there any software that can generate an API file for a code written in any programming language?

Yes, OpenAPI standard has a broad industry support. You can find most tools supporting it at https://openapi.tools/ as well as https://github.com/swagger-api/swagger-core

 

How is the 42Crunch Platform connected to Azure DevOps?

Azure DevOps is connecting to the 42Crunch platform via API and pushing OpenAPI files to be tested to it. The Azure DevOps extension then collects the security testing results, displays them in the pipeline, and makes the success or failure decision based on the criteria that you set.

 

Will there be support for other Cloud vendors in the roadmap?

42Crunch API Security platform can work with APIs developed and hosted in any cloud. It is not dependent on Azure in any way. In this particular webinar, we have been demonstrating our extension for Azure DevOps CI/CD pipeline.Ā 

We have a few internal plugins for other CI/CD platforms so if you are using something else please fill out the Contact Us form on our website to request access.

 

It’s a cloud service. How about privacy? How will my data be handled?

42Crunch is indeed a multi-tenant cloud service. Please see our Terms & Conditions for details: https://platform.42crunch.com/terms-and-conditions

 

This is a real cool plugin. Is there one available for java developers (like IntelliJ, Eclipse)?

Non VS Code plugins are in the works. Please fill out the Contact Us form on our website so we can notify you when we are ready to start our private beta for them.

 

Do you have plans to make an on-prem version of your platform, or at least the audit service?

On-prem version of 42Crunch platform is available for large enterprise customers. If you are interested, please fill out the Contact Us form on our website.

 

What about integration with Stoplight.io? Stoplight is a powerful design first platform. 42Crunch integration will be a great add.

Stoplight.io does not have a model of 3rd-party extensions. We are hoping to find a way to work with Stoplight to plug our tests into their platform.

 

42Crunch REST API Static Security Testing Extension for Azure Pipelines

 

 

Try our security audit for free. If you want to see the whole platform in action, request a demo now!

Latest Resources

WEBINAR

Mitigate OWASP API risks through security-by-design

Learn best practices and mitigation steps for some of the OWASP API vulnerabilities through this 42Crunch API security best practice webinar

NEWS

VicOne Partners with 42Crunch to Deliver Uniquely Comprehensive Security Across SDV and Connected-Vehicle Ecosystem

By Newsdesk | May 29, 2024

Collaboration pairs leaders in API and automotive cybersecurity to enable broad protectionĀ as attacks on automotive APIs climb within and among vehicle, cloud and mobileĀ  DALLAS and TOKYO, May 29, 2024ā€”VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch Ā to enhance the security of application programming […]

DataSheet

APIs are the core building block of every enterpriseā€™s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developersā€™ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

WEBINAR

Mitigate OWASP API risks through security-by-design

Learn best practices and mitigation steps for some of the OWASP API vulnerabilities through this 42Crunch API security best practice webinar

NEWS

VicOne Partners with 42Crunch to Deliver Uniquely Comprehensive Security Across SDV and Connected-Vehicle Ecosystem

By Newsdesk | May 29, 2024

Collaboration pairs leaders in API and automotive cybersecurity to enable broad protectionĀ as attacks on automotive APIs climb within and among vehicle, cloud and mobileĀ  DALLAS and TOKYO, May 29, 2024ā€”VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch Ā to enhance the security of application programming […]

DataSheet

Datasheet Cover Images P1-02

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterpriseā€™s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developersā€™ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.