The 42Crunch platform provides a set of automated tools to easily secure your entire API infrastructure by building security into OpenAPI contracts, and enforcing those policies throughout the entire lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of your APIs.
42Crunch executes 200+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible. Audit reports are also delivered right to the developer’s IDE, allowing them to easily take action without the need to use specific tools. Therefore, required security is declared instead of developed/maintained manually across multiple tools/environments.
Once the contract has reached a satisfactory audit score, 42Crunch will test the live API endpoints to uncover potential vulnerabilities and discrepancies of implementation against the contract.
Finally, the API contract is used to protect APIs using our micro API firewall. The runtime is fully optimized to be deployed and run on any container orchestrator such as Docker, Kubernetes or Amazon ECS. It can protect North-South and East-West microservices traffic. With minimal latency and footprint, it can be deployed against hundreds of API endpoints with minimal impact.
Addresses unique API security requirements across data validation, authentication, authorization, confidentiality and integrity.
The API Contract is the core of the security configuration, allowing to automatically enforce traffic inbound and outbound.
Easily push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.
Thanks to its low footprint & ultra-low latency, 42Crunch micro API Firewall can be deployed at scale on any Docker orchestrator.
The intuitive interface makes it easy to get started on day one, and provides real-time Security dashboards with actionable data.
Enables a seamless DevSecOps experience from API development to deployment through automated process across all teams.
Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.
Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your API.
Audit your OpenAPI contract against 200+ security vulnerabilities, we’ll rank them by severity level and tell you exactly how to fix them – making security a seamless part of your development lifecycle
Enforce a zero-trust architecture by ensuring all your APIs meet a set security standard before production, scan the live API endpoints for potential vulnerabilities, and automate redeployment.
Ensure security of all your APIs from design to deployment, get detailed insight about attacks on APIs in production – and protect against threats – without impacting performance.
You can use our API firewall to equally protect north-south and east-west traffic. Thanks to its low footprint, it can be deployed at scale on any container orchestrator such as Kubernetes, Amazon ECS or Red Hat OpenShift(®).
Our runtime is fully compatible with existing API management solutions or API gateways and with microservices-based architectures. We support the sidecar proxy and gateway deployment models.
Want to learn more? Here are some resources to help you out!
Looking to make OpenAPI editing easier in VS Code? Or want to check how secure your API is? Check out our free tools.
Information on the risks, guidelines, and fixes relating to the OpenAPI Specification. Both OAS v2 and v3 are available!
Ready to get started? We have some short video tutorials for audit, scan and protection to help get you up and running as fast as possible.