{"id":9984,"date":"2021-03-23T17:36:55","date_gmt":"2021-03-23T17:36:55","guid":{"rendered":"https:\/\/staging-site.42crunch.com\/?p=9984"},"modified":"2022-11-23T17:35:21","modified_gmt":"2022-11-23T17:35:21","slug":"42crunch-api-security-platform-march-2021-release","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/42crunch-api-security-platform-march-2021-release\/","title":{"rendered":"42Crunch API Security Platform March 2021 Release"},"content":{"rendered":"

<p>Today we are happy to announce the global availability of the latest version of the 42Crunch API Security Platform. We have updated our community deployment used by thousands of API developers worldwide, our IDE plugins, online tools, and deployments used by our enterprise customers.<\/p>\n

<p>Below is a summary of the biggest new features and improvements.<\/p>\n

<h2>Complex OpenAPI Security Audit<\/h2>\n

<p>42Crunch Security Audit is the foundation of API security. It is hard to reliably test and protect what you do not know.<\/p>\n

<p>42Crunch Security Audit includes 200+ static analysis security checks for OpenAPI format conformance, authentication, authorization, transport, data validation, and API security best practices. In the past, there were limitations to the complexity of the contracts that could be audited. Not anymore. Now any OpenAPI file up to 10 MB in size can be audited.<\/p>\n

<p>We also made the security audit tolerant of some OpenAPI format issues that in the past blocked the audit. Thus, pretty much any API contract that sufficiently follows the standard can now be analyzed.<\/p>\n

<p>This change is live both in our online platforms and in all our plugins: IDE, CI\/CD, repository, and SonarQube.<\/p>\n

<h2>Private Cloud Conformance Scan<\/h2>\n

<p>42Crunch Conformance Scan is the dynamic testing part of the 42Crunch suite. It used to only run from the cloud, which created connectivity and client confidentiality issues. After all, many companies want to test internal or pre-production APIs that are not accessible from the internet and do not have a dedicated 42Crunch deployment.<\/p>\n

<p>Now, with Private cloud scan, you can run the 42Crunch scan agent on any computer using the Docker image, or from a centralized Kubernetes deployment. You simply supply the ID of the scan configuration and whatever custom parameters (like access token and endpoint URL) you want changed for that run.<\/p>\n

<p>With that change, we are also making on-premises scan available to all our community users.<\/p>\n

<h2>JWT, Security Headers, Rate Limit Protections<\/h2>\n

<p>We have released a set of extensions to the OpenAPI standard that allow taking API runtime protection to the next level:<\/p>\n