42Crunch, creator of the industry’s first API Firewall, has announced the latest release of its API security platform with enhanced tools for developers to easily define security in OpenAPI contracts, enabling an agile DevSecOps experience, and providing full visibility into each individual API’s security landscape. API security API security is complex and becomes a bottleneck when not implemented properly. Adopting a shift-left approach will allow enterprises to ensure security through simplification, automation and collaboration by delivering security as code - this starts with development. 42Crunch empowers developers with tools to define security in API contracts. The newest enhancements provide developers with a single pane of glass to: Run 200+ security checks of the OpenAPI specification definition, with detailed feedback for security improvements Easily view security issues in-line with contract based on severity level And make edits directly in the new web user interface Automated security platform Developers are the most valuable intelligence in delivering better, simpler, automated API Security" “We believe developers are the most valuable intelligence when it comes to delivering better, simpler, automated API Security,” says Jacques Declas, CEO and founder of 42Crunch. “By using API contracts at the heart of security, you’re empowering them to be the driving force in defining security requirements and identifying risks from day one.” 42Crunch has also recently launched an OpenAPI (Swagger) Editor for VS Code as part of an overall strategy to simplify security, and empower developers with tools to easily deliver security as code. The extension has been well received with a 5 star rating, and more than 15,000 downloads in under 7 weeks. Integrated tools Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle.
42Crunch, API security pioneer and creator of the industry’s first API Firewall, announces the latest release of its API security platform with full support for Kubernetes environments. This new solution allows organisations to easily automate API security across Kubernetes environments – enabling the zero-trust architecture needed to protect each microservice, and scale without risk. The rapid adoption of microservices architectures and Kubernetes lead to proliferation of APIs exposed by these microservices. Developers employ agile practices to quickly iterate on these microservices. Combined, these trends lead to hundreds if not thousands of rapidly changing APIs that modern enterprises often host and need to secure. Fully automated platform Traditional solutions such as Web Application Firewalls (WAF) and API Management tools rely on static rules and policies, and edge protection. While these solutions provide some security functionality within your environment, they still leave the individual microservices vulnerable to API attacks. 42Crunch extends security beyond the edge of the enterprise to each individual microservice Through a fully automated platform, 42Crunch extends security beyond the edge of the enterprise to each individual microservice, protecting them with an ultra-low latency micro API firewall that can be deployed at scale. 42Crunch API firewall is merely 20 MB in size and when deployed in sidecar proxy mode in Kubernetes pods enforces API security with sub-millisecond overhead. This eliminates the manual process of writing and maintaining individual API security policies, and enforces a zero-trust security architecture. Discover potential vulnerabilities “Since the initial launch of the 42Crunch API Security platform our customers have informed us that edge protection is no longer enough,” says Jacques Declas, CEO and founder of 42Crunch. “We are excited to make our Kubernetes-native API protection commercially available. Now the teams working on large numbers of microservices can be sure that each and every one of them automatically stays secure throughout its lifecycle.” In addition, 42Crunch’s unique approach integrates with companies’ DevSecOps pipeline and delivers automated API security across the whole API lifecycle: AUDIT: Run 200+ security audit tests of the OpenAPI specification definition with detailed security scoring to help developers define and strengthen API contract. SCAN: Scan live API endpoints to discover potential vulnerabilities and discrepancies of the API implementation against the API contract. PROTECT: Launch service to protect APIs and apply policies that can be deployed in our lightweight, low-latency micro API firewall. 42Crunch will be participating in RSA Asia Pacific & Japan 2019 as both an exhibitor and speaker. Join Matthieu Estrade, CTO, on Thursday for his talk: ‘API Security: Learning from the 20 Years of AppSec Failures,’ located in Orchid 4203. Visit the 42Crunch team at booth 1708 to learn more about how we can help you automate API security in your microservices environment.