You had questions, and we’ve got answers!
Is there information about the issues and how to fix them?
Yes, issues documentation is freely visible on apisecurity.io: https://apisecurity.io/encyclopedia/content/api-security-encyclopedia.htm – You will find there the issues, what the potential vulnerabilities are and advice for remediation.
Is this audit feature available with the community version of WSO2?
Yes it is. WSO2 delivers open source products which are fully functional.
What do you have to do on the 42Crunch side to enable this WSO2 feature?
You need to self-register and obtain an API token to be able to invoke the audit. The instructions are visible here: https://apim.docs.wso2.com/en/next/learn/api-security/configuring-api-security-audit/.
Is it possible to automate the solution of some problems?
Problem remediation requires knowledge of the API. It is very hard to automate the discovery of an OAS file beyond the basics (verb, path, header and query param names, basic schemas). For data formats and limits, you need to use inner knowledge of your data and processes. This said, at 42Crunch, we are working on making it easier to remediate issues by identifying repeating patterns, suggesting regular expressions and limits for known formats (like uuids, dates or credit card numbers) so that you can quickly remediate issues.