{"id":7350,"date":"2019-03-07T20:58:17","date_gmt":"2019-03-07T20:58:17","guid":{"rendered":"https:\/\/staging-site.42crunch.com\/?p=7350"},"modified":"2022-09-24T13:35:34","modified_gmt":"2022-09-24T12:35:34","slug":"42crunch-announces-the-launch-of-the-first-api-security-platform","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/42crunch-announces-the-launch-of-the-first-api-security-platform\/","title":{"rendered":"42Crunch announces the launch of the first API Security platform"},"content":{"rendered":"<p>IRVINE, CA, USA, March 6, 2019 &#8212;\u00a0<a href=\"https:\/\/42crunch.com\/\" target=\"_blank\" rel=\"external nofollow noopener noreferrer\">42Crunch<\/a>, the leading API security company, announced today the release of the 42Crunch API Platform, the world\u2019s first API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The\u00a0<a href=\"https:\/\/platform.42crunch.com\/\" target=\"_blank\" rel=\"external nofollow noopener noreferrer\">42Crunch Platform<\/a>\u00a0can protect SaaS, Web, or IoT APIs, as well as microservices.<\/p>\n<p>This follows the launch of the free API Contract Security Audit tool at\u00a0<a href=\"https:\/\/apisecurity.io\/tools\/audit\/\" target=\"_blank\" rel=\"external nofollow noopener noreferrer\">APISecurity.io<\/a>\u00a0earlier this month. The tool helps API developers improve their API definitions that follow the OpenAPI Specification into proper API contracts. Now, with this latest release, customers have access to the full 42Crunch Platform.<\/p>\n<p>As APIs have proliferated across application environments, and the quantity and sensitivity of the data they transmit have increased, API attacks have become more frequent and more complex, making them the number one threat for any company. Moreover, APIs allow direct, often public, access to critical data that has traditionally been hidden in data centers.<\/p>\n<p>The market has already seen a huge increase in API attacks over the past few years. API breaches include such big names as Facebook, T-Mobile, Panera Bread, Verizon, and the latest vulnerability disclosures by the United States Postal Service (USPS) and Google+. Gartner predicts that \u201cby 2022, API abuse will be the most frequent attack vector resulting in data breaches for enterprise web applications\u201d.<\/p>\n<p>42Crunch Platform offers a set of integrated services that can be leveraged as part of the APIs\u2019 DevSecOps cycle:<\/p>\n<ul>\n<li>API Contract Security Audit: An exhaustive security audit of the OpenAPI definition, with detailed security scoring that helps developers define and strengthen their API contracts.<\/li>\n<li>API Contract Conformance Scan: A scan of live API endpoints that discovers potential vulnerabilities and discrepancies in your API implementation against the API contract.<\/li>\n<li>API Protection: A straightforward and easy way to protect APIs and apply policies that can be deployed in our lightweight, low-latency, API-native micro firewall. API Firewall automatically enforces traffic based on your API contract and applies security policies to protect API endpoints wherever they are.<\/li>\n<\/ul>\n<p>The traditional approach in web application security requires customers to use a combination of products \u2014 such as SAST, DAST, WAF, RASP, and API management \u2014 to address different security concerns, in different network zones, and at different stages of the application life cycle. This approach is difficult to operate, consolidate, maintain, and deploy.<\/p>\n<p>42Crunch Platform aims to overcome these difficulties. With our platform, enterprises can centrally enforce and monitor corporate security policies, using tools that have been designed both to be API-centric and to work together. Thanks to the combination of the integrated services, security teams get a 360\u00b0 view of the entire API portfolio, including audit grades, usage, prevented attacks, and potential vulnerabilities.<\/p>\n<p>\u201cOur experience at 42Crunch both in the web application security and API integration space made it very clear that API security is the biggest challenge for security teams today, and that we had to change the way companies can protect their applications and data in a much more holistic, integrated, and simple way than they do today in web application security\u201d, Jacques Declas adds.<\/p>\n<p>APIs are not web applications. APIs have unique logic, unique authentication and authorization mechanisms, and unique vulnerabilities. They can be consumed by humans, machines, or other APIs. Traditional security solutions only focus on known attack types and lack granular understanding of these aforementioned aspects of APIs. This makes the traditional solutions incapable of detecting or preventing attacks that exploit the vulnerabilities unique to APIs.<\/p>\n<p>42Crunch\u2019s approach is to start with the API contract and to offer developers tools to help them define that contract to be very strict. The API contract becomes the core of the positive security model of our API Firewall, and policies are tailored automatically to each and every API. This virtually eliminates false positives and false negatives, and does not require training any AI for weeks on end to learn the model. API Contract Conformance Scan completes the loop by automating tests based on the API contract, allowing to refine both the API contract itself and the policies attached to the API.<\/p>\n<p>API development is agile and fast-paced. Manual approaches to API security are doomed to fail, because you cannot just apply security once and forget about it. Instead, enterprises need to inject security checks as early as possible in the API lifecycle and continuously test and apply proper policies as existing API evolves and new APIs are built. We have designed our platform in such a way that the entire flow through the platform (Audit, Scan, Protect) can be automated and attached to the CI\/CD pipeline, efficiently enabling a DevSecOps approach.<\/p>\n<p>The distributed nature of API deployments means that you need to enforce security right in front of the API, in any network zone, in any combination of endpoint locations, whether on-premises or in a public or private cloud. It also means that you must handle the east-west traffic as well as the north-south traffic.<\/p>\n<p>The API Firewall of 42Crunch Platform can be deployed in Kubernetes and Docker, on public clouds (Amazon, Azure, Google), or on the customer\u2019s private cloud in a matter of minutes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IRVINE, CA, USA, March 6, 2019 &#8212;\u00a042Crunch, the leading API security company, announced today the release of the 42Crunch API Platform, the world\u2019s first API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The\u00a042Crunch Platform\u00a0can protect SaaS, Web, or IoT APIs, as well as microservices. This follows the launch of [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":11562,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"42Crunch launches the world&#039;s first API security cloud platform","_seopress_titles_desc":"42Crunch announce the release of the first API security cloud platform to discover API vulnerabilities and protect API from attacks.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[13],"tags":[22],"class_list":["post-7350","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-api-security-platform"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/7350"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=7350"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/7350\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/11562"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=7350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=7350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=7350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}