{"id":9620,"date":"2020-10-07T08:45:13","date_gmt":"2020-10-07T07:45:13","guid":{"rendered":"https:\/\/staging-site.42crunch.com\/?p=9620"},"modified":"2022-09-24T13:23:34","modified_gmt":"2022-09-24T12:23:34","slug":"new-openapi-static-security-audit-in-github-code-scanning","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/new-openapi-static-security-audit-in-github-code-scanning\/","title":{"rendered":"42Crunch Releases OpenAPI Static Security Audit in GitHub Code Scanning"},"content":{"rendered":"<p><b>IRVINE, CA, OCTOBER 7, 2020<\/b><span style=\"font-weight: 400;\"> \u2014 <\/span><span style=\"font-weight: 400;\">Today, the API security leader and creator of the industry\u2019s first API Firewall, 42Crunch,<\/span><span style=\"font-weight: 400;\"> announced the availability of its <\/span><a href=\"https:\/\/github.com\/marketplace\/actions\/42crunch-rest-api-static-security-testing\"><span style=\"font-weight: 400;\">REST API Static Security Testing<\/span><\/a><span style=\"font-weight: 400;\"> with\u00a0 <\/span><a href=\"https:\/\/github.blog\/2020-09-30-code-scanning-is-now-available\/\"><span style=\"font-weight: 400;\">GitHub code scanning<\/span><\/a><span style=\"font-weight: 400;\">. By adding 42Crunch to code scanning, developers can include REST API OpenAPI \/ Swagger definitions within static security tests.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Most of today\u2019s applications are driven by APIs. The transition to cloud-native architectures, microservices, serverless, single-page, IoT, and mobile applications lead to proliferation of APIs. What used to be components of monolithic applications communicating within a single server are now standalone APIs talking to each other over the network.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This significantly expanded the attack area and led to the rise of API attacks. In fact, there\u2019s now not a single week without new high profile API vulnerabilities reported by the popular API security news site <\/span><a href=\"https:\/\/apisecurity.io\"><span style=\"font-weight: 400;\">APIsecurity.io<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><a href=\"https:\/\/www.gartner.com\/en\/documents\/3834704\/how-to-build-an-effective-api-security-strategy\"><span style=\"font-weight: 400;\">Gartner estimates<\/span><\/a><span style=\"font-weight: 400;\"> that by 2022 APIs will become the most common attack vector.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Having direct access to applications\u2019 backend services and databases with sensitive customer data, APIs are a lucrative target. API breaches can have significant business, public image, and financial impact.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">At the same time, companies now have hundreds if not thousands of APIs. These APIs are constantly changing as teams adopt agile methodologies and continuously iterate over their functionality. Old approaches of manual review and approval processes and static runtime rules can no longer serve as the foundation for securing such complex dynamic systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The best way to provide cost-effective security for APIs is to \u201cshift-left\u201d and establish security measures across the whole API lifecycle: from design, to development, testing, and run-time protection and ideally doing so automatically without human interaction<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Available as a GitHub Action, <\/span><a href=\"https:\/\/github.com\/marketplace\/actions\/42crunch-rest-api-static-security-testing\"><span style=\"font-weight: 400;\">REST API Static Security Testing<\/span><\/a><span style=\"font-weight: 400;\"> allows users to:<\/span><\/p>\n<ul>\n<li><b>Discover<\/b><span style=\"font-weight: 400;\"> REST APIs in their GitHub repositories<\/span><\/li>\n<li><b>Audit<\/b><span style=\"font-weight: 400;\"> each API with 200+ security checks from 42Crunch covering industry best practices across authentication, authorization, transport, and data validation<\/span><\/li>\n<li><b>Analyze<\/b><span style=\"font-weight: 400;\"> the discovered vulnerabilities by looking into the details provided for each vulnerability within GitHub code scanning alerts<\/span><\/li>\n<li><b>Fix<span style=\"font-weight: 400;\"> the vulnerabilities by going through the prioritized alert list and fixing the issues with remediation suggestions provided for each alert<\/span><\/b><\/li>\n<li><strong>Enforce<\/strong><span style=\"font-weight: 400;\"> security by setting criteria for your CI\/CD workflows and automated Pull Request checks<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">\u201cGitHub is the world\u2019s leading software development collaboration platform,\u201d says Dmitry Sotnikov, Chief Product Officer at 42Crunch. \u201cWe are happy to see Static Application Security Testing (SAST) to now become a standard feature of GitHub through code scanning and happy to provide our integration to handle the API security part of it.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cGitHub code scanning is a major step on our journey to help open source and enterprise developers build secure software,\u201d says John Leon, VP of Business Development at GitHub. \u201cAdding 42Crunch\u2019s security audit for REST APIs to GitHub code scanning tests will provide additional insight and security capabilities for developers.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You can find out more by visiting the <\/span><a href=\"https:\/\/github.com\/marketplace\/actions\/42crunch-rest-api-static-security-testing\"><span style=\"font-weight: 400;\">42Crunch REST API Static Security Testing page<\/span><\/a><span style=\"font-weight: 400;\"> in the GitHub Marketplace.<\/span><\/p>\n<p><strong>About 42Crunch<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, 42Crunch Platform empowers development, security, and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code, you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit<\/span><a href=\"https:\/\/42crunch.com\"> <span style=\"font-weight: 400;\">https:\/\/42crunch.com<\/span><\/a><span style=\"font-weight: 400;\"> to learn more.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Visit our online community<\/span><a href=\"https:\/\/apisecurity.io\"> <span style=\"font-weight: 400;\">https:\/\/APIsecurity.io<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IRVINE, CA, OCTOBER 7, 2020 \u2014 Today, the API security leader and creator of the industry\u2019s first API Firewall, 42Crunch, announced the availability of its REST API Static Security Testing with\u00a0 GitHub code scanning. By adding 42Crunch to code scanning, developers can include REST API OpenAPI \/ Swagger definitions within static security tests. Most of [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":11364,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"42Crunch Releases Security Audit in GitHub Code Scanning","_seopress_titles_desc":"42Crunch announce availability of its REST API Static Security Testing tool, API Audit, in\u00a0GitHub code scanning.\r\n","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[13],"tags":[22,25],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/9620"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=9620"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/9620\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/11364"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=9620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=9620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=9620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}