{"id":722,"date":"2020-06-08T14:10:58","date_gmt":"2020-06-08T13:10:58","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?p=722"},"modified":"2023-02-15T15:46:17","modified_gmt":"2023-02-15T15:46:17","slug":"tutorial-api-security-audit","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/tutorial-api-security-audit\/","title":{"rendered":"OpenAPI (Swagger) Security Audit on the 42Crunch Platform"},"content":{"rendered":"\r\n\r\n\t<p>Tutorials<\/p>\r\n\r\n\t<section>\r\n<p>Now that you have had an overview of the platform, let&#8217;s get started by importing an API for security audit.<\/p>\r\n<\/section>\r\n\t<iframe loading=\"lazy\" width=\"1110\" height=\"624\" src=\"https:\/\/www.youtube.com\/embed\/ytOynaNBLGo\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\r\n<h2>\r\n\t\tImporting APIs\r\n\t<\/h2>\r\n\t<p>To import an OpenAPI (formerly Swagger) definition, click\u00a0<b>Import API (1)<\/b>\u00a0to upload your JSON file. These files contain all the basic information and documentation on how your API functions.<\/p>\r\n<p>As mentioned in the platform overview tutorial,\u00a0<b>(2) APIs are grouped into collections<\/b>. If you have not yet created a collection, you can do it when you upload the file, or choose an existing collection.\u00a0<b>(3) Click Browse<\/b>\u00a0to pick the JSON file you want to upload. The API name is pre-populated based on the name of the file, but you can change it if you want.<\/p>\r\n<p>Click Import, and you are on your way to securing your API contract!<\/p>\r\n<p><i><b>Tip:<\/b>\u00a0To automate importing OpenAPI \/ Swagger definitions, you integrate it with your CI\/CD pipeline.<\/i><\/p>\r\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/sec-audit-import-Custom-1024x847.png\" alt=\"sec-audit-import (Custom)\" itemprop=\"image\" height=\"847\" width=\"1024\" title=\"sec-audit-import (Custom)\" onerror=\"this.style.display='none'\"  \/>\r\n<h2>\r\n\t\tAudit Results\r\n\t<\/h2>\r\n\t<section>\r\n<p>When you import an API definition, API Contract Security Audit runs 300+ checks on it and returns a report in seconds. The audit is based on the security best practices of the industry standard, the OpenAPI Specification. Your API gets a score from 1 to 100 based on how secure it is\u00a0<b>(1)<\/b>\u00a0To view the details of the audit report and the found issues,\u00a0<b>click Read Report (2).<\/b><\/p>\r\n<p>The audit report outlines all the issues in the well-formedness and security of your API definition, ranks the security risks by severity, and shows you how you can fix the found issues.<\/p>\r\n<\/section>\r\n<h2>\r\n\t\tUpdating API Definitions\r\n\t<\/h2>\r\n<p>If you change an OpenAPI (Swagger) definition you have already uploaded to 42Crunch Platform, you can update the changes to the platform as well. Click the gear on the right, and select\u00a0<b>(1) Update Definition<\/b>. Click on\u00a0<b>Browse<\/b>\u00a0to pick your file, and click\u00a0<b>Upload Definition (2)<\/b>.<\/p>\r\n<p><i><b>Tip:<\/b> Again, to automate importing OpenAPI \/ Swagger definitions, you integrate it with your CI\/CD pipeline.<\/i><\/p>\r\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/update-definition-Custom-1024x511.png\" alt=\"update-definition (Custom)\" itemprop=\"image\" height=\"511\" width=\"1024\" title=\"update-definition (Custom)\" onerror=\"this.style.display='none'\"  \/>\r\n\r\n","protected":false},"excerpt":{"rendered":"<p>Shows how to import the OpenAPI (Swagger) definition file, run the security audit and view the security report. <\/p>\n","protected":false},"author":4,"featured_media":12267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"API Security Audit Explained 42Crunch","_seopress_titles_desc":"API Audit tutorial: Shows how to import the OpenAPI (Swagger) specification file, run the security audit on your API swagger file and view the security report. \r\n","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[22,16,25],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/722"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=722"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/722\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}