{"id":838,"date":"2022-04-27T19:05:12","date_gmt":"2022-04-27T18:05:12","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?page_id=838"},"modified":"2024-02-13T10:30:18","modified_gmt":"2024-02-13T10:30:18","slug":"api-protection","status":"publish","type":"page","link":"https:\/\/staging2022.42crunch.com\/api-protection\/","title":{"rendered":"API Protection"},"content":{"rendered":"\n\n\t\t<h1>\n\t\t\tAPI Protection\n\t\t<\/h1>\n\t\t\t<p>Runtime Content validation, threat detection and traffic throttling<\/p>\t\t\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2023\/09\/42C-API-Threat-Protection-Datasheet-2023-1p-v1.pdf\" target=\"_blank\" rel=\"noopener\">\n\t\t\t\t\t\t\tAPI Protection Datasheet\n\t\t\t\t\t<\/a>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2023\/10\/DevSecOps-API-Protection.png\" alt=\"DevSecOps-API Protection\" itemprop=\"image\" height=\"156\" width=\"309\" title=\"DevSecOps-API Protection\" onerror=\"this.style.display='none'\"  \/>\n\t<p>API Protection is a critical capability of an API security platform. It relates to the ability to enforce security policies at design and runtime typically using an API micro-firewall.<\/p>\n<h2>\n\t\tShift-Left and Shield-Right for API Protection\n\t<\/h2>\n\t<p>Unlike traditional Appsec testing or firewall tools (SAST, DAST &amp; WAF) or newer API behavior analysis tools, 42Crunch combines a shift-left (<a href=\"https:\/\/staging2022.42crunch.com\/api-security-testing\/\">API security testing<\/a> during design, development and testing) and a shield-right (<a href=\"https:\/\/staging2022.42crunch.com\/micro-api-firewall-protection\/\">runtime protection<\/a>) approach to API security. From design-time right through to run-time, 42Crunch protects your APIs throughout the API lifecycle against API threats.<\/p>\n\t\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22-11.png\" target=\"_self\" itemprop=\"url\" rel=\"noopener\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22-11-1024x560.png\" alt=\"42C_UI_8_22-11\" itemprop=\"image\" height=\"560\" width=\"1024\" title=\"42C_UI_8_22-11\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<\/a>\n\t\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/micro-api-firewall-protection\/\" target=\"_self\" itemprop=\"url\" rel=\"noopener\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/08\/DevSecOps-UI-for-Solution-3-2-1024x728.png\" alt=\"DevSecOps-UI-for-Solution-3-2\" itemprop=\"image\" height=\"728\" width=\"1024\" title=\"DevSecOps-UI-for-Solution-3-2\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<\/a>\n<h2>\n\t\tAutomatically Enforce Content validation\n\t<\/h2>\n\t<p>Deploy <a href=\"https:\/\/staging2022.42crunch.com\/micro-api-firewall-protection\/\">API Protect<\/a> directly from your CI\/CD pipeline and it reconfigures automatically whenever the OpenAPI contract changes. API Protect is tailored to protect each API using a positive security model based on data conformance to the OpenAPI contract, block malicious attacks and unlike a traditional WAF-based solution, distinguish API attacks from legitimate API content traffic.<\/p>\n<h2>\n\t\tThreat Prevention and Anomaly Detection\n\t<\/h2>\n\t<p>WIth 42Crunch you can detect <a href=\"https:\/\/staging2022.42crunch.com\/owasp-api-security-top-10\/\">OWASP API Security Top 10 issues<\/a> such as data leakage, overflows, mass assignment, broken authentication or security misconfigurations. Our platform detects vulnerabilities triggered by the usage of:\u00a0\u00a0<\/p>\n<ul>\n<li aria-level=\"1\">Wrong verbs (invoking the API with GET or HEAD) when it expects PUT<\/li>\n<li aria-level=\"1\">Wrong paths<\/li>\n<li aria-level=\"1\">Wrong content-type<\/li>\n<li aria-level=\"1\">Wrong data format (integer instead of string for example)<\/li>\n<li aria-level=\"1\">Outside of API constraints (large strings, numbers or arrays)<\/li>\n<li aria-level=\"1\">Data Injection<\/li>\n<\/ul>\n\t\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22_Security_Audit_2.png\" target=\"_self\" itemprop=\"url\" rel=\"noopener\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22_Security_Audit_2-1024x560.png\" alt=\"42C_UI_8_22_Security_Audit_2\" itemprop=\"image\" height=\"560\" width=\"1024\" title=\"42C_UI_8_22_Security_Audit_2\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<\/a>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/08\/Traffic-Lights-1024x557.png\" alt=\"Traffic Lights\" itemprop=\"image\" height=\"557\" width=\"1024\" title=\"Traffic Lights\" onerror=\"this.style.display='none'\"  \/>\n<h2>\n\t\tTraffic Throttling\n\t<\/h2>\n\t<p>By throttling traffic based on a range of criteria, 42Crunch actively enforces API protection to prevent Denial of Service (DoS) or brute-force attacks. In microservice deployments, <a href=\"https:\/\/staging2022.42crunch.com\/micro-api-firewall-protection\/\">API Protect Firewall<\/a> is deployed separately with each instance of the microservice, so rate limiting is also enforced separately on each instance.<\/p>\n\t<h4>eBook<\/h4>\n<h2>\n\t\tAPI SECURITY\n\t<\/h2>\n<h2>\n\t\tA Blueprint for Success\n\t<\/h2>\n\t<p>Understand the API Security maturity model and learn how to build out a successful API Security program for your enterprise.<\/p>\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/ebook-api-security-blueprint\/\" target=\"_self\" rel=\"noopener\">\n\t\t\t\t\t\t\tDownload API Security Guide\n\t\t\t\t\t<\/a>\n\t\t\t\t<img decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/08\/Landscape-iPad-Mockup-n4-InnerPage-2.png\" alt=\"Landscape iPad Mockup n4 InnerPage 2\" title=\"Landscape iPad Mockup n4 InnerPage 2\" itemprop=\"image\"  \/>\n<h2>\n\t\tReady to Learn More?\n\t<\/h2>\n\t<p>Developer-first solution for delivering API security as code.<\/p>\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/get-started\/\" target=\"_self\" rel=\"noopener\">\n\t\t\t\t\t\t\tGet Started\n\t\t\t\t\t<\/a>\n\n","protected":false},"excerpt":{"rendered":"<p>API Protection Runtime Content validation, threat detection and traffic throttling API Protection Datasheet API Protection is a critical capability of an API security platform. It relates to the ability to enforce security policies at design and runtime typically using an API micro-firewall. Shift-Left and Shield-Right for API Protection Unlike traditional Appsec testing or firewall tools [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"Validate Runtime Content, Detect Threats &amp; Throttle Traffic","_seopress_titles_desc":"Our API security platform enables security teams throttle traffic, detect &amp; prevent threats and enforce content validation.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-838","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/838"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=838"}],"version-history":[{"count":1,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/838\/revisions"}],"predecessor-version":[{"id":18400,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/838\/revisions\/18400"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}