The 42Crunch August 2019 release introduces a new API firewall non-blocking mode so you can test how it affects your existing API traffic without impacting consumers, a deeper integration between the security audit and editor for seamless navigation, and an enhanced audit issue view for faster editing. (See the release notes for additional details on full list of updates.)
New Feature Highlights
API Firewall Non-blocking Mode
42Crunch leverages the API contract to enforce security using our micro API firewall. The runtime is fully optimized to be deployed and run in Kubernetes environment and can protect North-South and East-West microservices traffic. With minimal latency and footprint, it can be deployed against hundreds of API endpoints with minimal impact.
When configured in non-blocking mode, API Firewall instances protecting your API execute security policies normally but do not block any transactions, only report on what would have been blocked. This allows users to:
- Test how API Firewall affects your existing API traffic without impacting your API consumers
- Discover API requests and endpoints that currently go unnoticed
- Troubleshoot problems
Dashboards are populated normally, so you can easily see what would have happened.
Integrated Security Audit report and Security Editor
The security editor has now a tighter integration with the audit report viewer. Users can:
- Easily navigate back and forth between the report and the editor
- Quickly find the core issues to fix in the report by toggling between the audit report and editor
Improved Audit Issue View
Viewing the issues that Security Audit discovered has been improved in both the audit report and Security Editor: that enhances the capacity to view, navigate and fix issues uncovered by the Audit – helping developers to quickly edit their contracts.
- View your code and the issue details side by side in the audit report
- Jump to the next or previous issue in the audit report directly in the issue view
- Filter the shown issues in Security Editor by severity to address most critical first
- Click issues listed in Security Editor to view the message inline.
- Choose which you rather see in Security Editor, the issue details or the issue list — clicking an issue no longer automatically opens the issue details, so that it is easier to get the overall picture
- Expand the issue details in Security Editor to full screen for better readability
For news on all things API – visit APIsecurity.io and sign up for the weekly newsletter.