{"id":17814,"date":"2023-12-05T14:56:05","date_gmt":"2023-12-05T14:56:05","guid":{"rendered":"https:\/\/staging2022.42crunch.com\/?p=17814"},"modified":"2024-04-24T15:52:13","modified_gmt":"2024-04-24T14:52:13","slug":"tutorial-security-conformance-scan-openapi-swagger-extension-vs-code","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/tutorial-security-conformance-scan-openapi-swagger-extension-vs-code\/","title":{"rendered":"API Security &#038; Conformance Scan using OpenAPI Swagger Editor Extension in VS Code"},"content":{"rendered":"\n\n\t<p>Tutorials<\/p>\n\n\t<section>\n<section>\n<p>A <a href=\"https:\/\/staging2022.42crunch.com\/api-conformance-scan\/\">dynamic security scan<\/a> of your API to check for conformance against the API design (OpenAPI contract) and security vulnerabilities such as BOLA and BFLA. The tutorial videos below are for OpenAPI Editor in Microsoft Visual Studio Code (VS Code). API Scan is also available on the 42Crunch Platform and in GitHub Actions CI\/CD.<\/p>\n<\/section>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/884864394?h=b167153ec4&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tActivate API Scan CLI\n\t<\/h2>\n\t<section>\n<p>You can run the <a href=\"https:\/\/staging2022.42crunch.com\/api-conformance-scan\/\">dynamic API Scan security test<\/a> locally on your machine without having to share the API. The video explains how. if you are a paying customer you can run the scan in your IDE on local APIs or on APIs in your customer account on the 42Crunch platform<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/889847463?h=9e86772bb9&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/919389375?h=41ea756320&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tOverview of the Scan Configuration\n\t<\/h2>\n\t<p>Explanation of the Scan configuration view where you configure and run your scan tests<\/p>\n<h2>\n\t\tRunning your first API Scan\n\t<\/h2>\n\t<section>\n<p>Learn how to configure and run your first API Scan and read the results<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/890193798?h=5d973f3738&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/890247418?h=24935ed70d&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tAPI Request Chaining\n\t<\/h2>\n\t<section>\n<p>You can add additional operations and requests to your scan configuration scenario to create more complex test scenarios. Take a look at the video explainer.<\/p>\n<\/section>\n<h2>\n\t\tCreate Test Resources using Global Blocks\n\t<\/h2>\n\t<section>\n<p>Set up and tear down test resources or create test states to test the API using before and after blocks e.g. Create a new test user account, run tests and then delete the new user<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/919459346?h=c947a2ca41&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/890206022?h=d08ef6b01d&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tAPI Testing with Dynamic Authentication\n\t<\/h2>\n\t<section>\n<p>Authentication tokens such as OAuth or an API key may be required In order to test your API. Find out how to configure the scan for dynamic authentication.<\/p>\n<\/section>\n<h2>\n\t\tTest for Broken Authorization\n\t<\/h2>\n\t<section>\n<p>Find out how to test your APIs for Authorization vulnerabilities such as OWASP API 01:2023 &#8211; Broken Object Level Authorization (BOLA) or OWASP API 05:2023 &#8211; Broken Functional Level Authorization (BFLA) using the 42Crunch API Scan tool.<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/921897781?h=cecfa93ad5&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\n","protected":false},"excerpt":{"rendered":"<p>Tutorial on how to run the 42Crunch API security Scan from the OpenAPI (Swagger) Editor extension in VS Code and how to navigate the results.<\/p>\n","protected":false},"author":7,"featured_media":12267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"API Security and Conformance Scan on the OpenAPI (Swagger) Editor Extension for VS Code ","_seopress_titles_desc":"Tutorial on how to run the 42Crunch API security and conformance scan from the OpenAPI (Swagger) Editor extension in VS Code and how to navigate the report.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"disabled","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[22,16,19],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/17814"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=17814"}],"version-history":[{"count":10,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/17814\/revisions"}],"predecessor-version":[{"id":18573,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/17814\/revisions\/18573"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=17814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=17814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=17814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}