Positive Security for APIs: what it is and why you need it!

When visiting prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way to […]


Deploying DevSecOps for APIs: a tale of shifting left…

DevSecOps is a hot topic at the moment, and particularly relevant when dealing with API development. APIs are growing at an exponential rate: not only are they the backbone of any application, but microservices architectures imply exposing internal APIs for every microservice or group of microservices. The average number of APIs to protect within an […]


Thank You for Joining Us at API World

We hope that you have had some time to catch up from API World last week! Thank you for stopping by our booth and sessions. Below are a few things that you may be interested in: 42Crunch Collateral: OWASP API Security Top 10 Cheat Sheet: http://bit.ly/2Bcjoms 42Crunch Overview: http://bit.ly/2MECCXe Presentation Slides: The Dev, Sec […]


Addressing Harbor Registry Vulnerability with 42Crunch

Hot from the press! There is a mass assignment vulnerability in the Harbor registry. Mass assignment is entry A6 on the OWASP API Security Top 10 list. A6 is described in the OWASP API Security Top 10 as: An API endpoint is vulnerable if it automatically converts client parameters into internal object properties without considering […]


Join 42Crunch at the API Specifications Conference

Come hang out with 42Crunch at the API Specifications Conference this October in Vancouver! OpenAPI Initiative’s API Specifications Conference (ASC) is a place for API practitioners to come together and discuss the evolution of API technology. ASC includes cutting-edge technology keynotes and sessions that chart the future of APIs, in-depth specification and standards […]


API Security is not Web Application Security!

When we started 42Crunch 3 years ago, we were convinced that a new market segment would emerge: API security. And the market is now catching up with our vision! This is exemplified by the recent release of the OWASP Top 10 for API Security threats document, which highlights threats that do not apply to traditional […]


Revolutionizing API Security – 42Crunch + Digital Anarchist

42Crunch CEO, Jacques Declas, sat down with Alan Shimel of Digital Anarchist at this year’s RSA APJ show to discuss new trends in API Security, DevSecOps, and what tools you need to keep up! [Alan Shimel] Hey everyone, it’s Alan Shimel for DevOps.com Security Boulevard. We’re here in Singapore at RSA APJ. We’re right […]
