{"id":1067,"date":"2020-05-31T10:56:12","date_gmt":"2020-05-31T09:56:12","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?p=1067"},"modified":"2023-02-15T15:41:54","modified_gmt":"2023-02-15T15:41:54","slug":"tutorial-fixing-api-security-issues","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/tutorial-fixing-api-security-issues\/","title":{"rendered":"Fixing API Security Issues identified in the Audit Report"},"content":{"rendered":"\n\n\t<p>Tutorials<\/p>\n\n\t<section>\n<p>In our previous tutorial, we took a look at the audit report from API Contract Security Audit. This one proceeds onto fixing the issues found in the audit and see how we can iteratively work on our OpenAPI \/ Swagger definition.<\/p>\n<\/section>\n\t<iframe loading=\"lazy\" width=\"1110\" height=\"624\" src=\"https:\/\/www.youtube.com\/embed\/EUbMnglRoAM\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<h2>\n\t\tNavigating Issues\n\t<\/h2>\n\t<section>\n<p>The best place to start are the high priority issues, they are the fastest way to improve the audit score. For example, in the audit report, click\u00a0<b>Go to Issue<\/b>\u00a0on the first issue in the priority list. You get a view similar to the image on the right.<\/p>\n<p>Here we can see we have seven different places where the issue in question occurs\u00a0<b>(1)\u00a0<\/b>. To go and fix the issue in this particular place, click on\u00a0<b>Fix issue in Editor (2)\u00a0<\/b>. This takes you to the correct spot in your API definition in our built-in Security Editor\u00a0<b>(3)\u00a0<\/b>. By default, the details of the issue and remediation recommendations are shown on the right, but if you have minimized the sidebar, just click\u00a0<b>How to Fix<\/b>\u00a0to view them again.<\/p>\n<\/section>\n<h2>\n\t\tFixing Issues\n\t<\/h2>\n\t<section>\n<section>\n<p>In our example, you can see that the property maxLength of the string is missing and the remediation suggestions on the right\u00a0<b>(1)<\/b>. Once you have edited the file to fix the issue, click\u00a0<b>Save and Re-Test<\/b>\u00a0to update the OpenAPI (Swagger) definition.<\/p>\n<p>The issue is fixed, audit is re-run, and the audit score increases accordingly\u00a0<b>(3)<\/b>.<\/p>\n<p>You can continue to move down the list from here to fix the highest priority issues, or return back to your report and filter the issues as you want.<\/p>\n<\/section>\n<\/section>\n<h2>\n\t\tUpdating the Definition\n\t<\/h2>\n\t<section>\n<p>You can work on your API outside 42Crunch Platform as well, like in your IDE or any other editor, and then upload the updated definition manually in the platform. Or you can automate a workflow to push your changes to your API to the platform as well.<\/p>\n<\/section>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/update-def-04-Custom-1024x511.png\" alt=\"update-def-04 (Custom)\" itemprop=\"image\" height=\"511\" width=\"1024\" title=\"update-def-04 (Custom)\" onerror=\"this.style.display='none'\"  \/>\n\n","protected":false},"excerpt":{"rendered":"<p>This tutorial illustrates how to fix issues found in the API security audit and shows you how to iteratively update your OpenAPI definition.<\/p>\n","protected":false},"author":4,"featured_media":12267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"How to Fix Security Issues in Your OpenAPI File","_seopress_titles_desc":"This tutorial illustrates how to fix issues found in the API security audit and shows you how to iteratively update your OpenAPI definition.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[14,16,25,15],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/1067"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=1067"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/1067\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=1067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=1067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=1067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}