Today 42Crunch, an API security provider and creator of REST API DevSecOps tooling and an API Firewall, announced the launch of its new REST API Static Security Testing extension for Microsoft Azure Pipelines. This extension enables companies to enforce secure API design right from their CI/CD pipeline. With REST APIs proliferating and becoming one of the top attack vectors, ensuring that all APIs that a company develops and hosts are secure by design can be a problem. And with CI/CD, any new API or any modification to existing APIs that developers add can get pushed to production without proper checks on security. Up until now, there has been no extension in the Azure marketplace specifically geared toward the static analysis of REST API security.
The new 42Crunch extension for Microsoft Azure Pipelines allows companies to add REST API static security testing (SAST) right into their CI/CD pipeline. The benefits include:
- Reduced risk of breach: Locate API contract files in the repository and run 200+ security checks covering OpenAPI standard requirements, authentication, authorization, and both incoming and outgoing data validation. This makes sure that no new or changed API can pass the test and get deployed to production if it does not meet your security standards.
- Reduced fixing costs: Find and report security flaws at each pipeline run, providing immediate feedback to R&D.
- Increased R&D efficiency: 42Crunch API Contract Security Audit does not give false positives. Every issue reported is worth looking into. Issues are prioritized by impact, so developers know where to start. Every issue comes with a detailed knowledge base article explaining the issue, its severity, exploit scenario, and ways to fix it.
“Modern software development trends, such as cloud-native architectures, microservices, and serverless, have led to companies spinning up hundreds or even thousands of APIs,” says Jacques Declas, the CEO and founder of 42Crunch.
“Agile processes and DevOps lead to new APIs being developed and existing APIs getting changed every day. No manual policies or checks can ensure that they are all securely designed and follow all the modern API security best practices. Today, 42Crunch is releasing an off-the-shelf API security extension for Azure DevOps to allow Azure Pipelines customers to automatically discover APIs built by their pipelines, and ensure that these APIs are secure by design.”
“DevSecOps has become the way for teams to stay agile and deliver business value while maintaining a high level of systems security,” says Steven Murawski, Cloud Advocate at Microsoft. “While Azure Pipelines already had security testing extensions for various parts of the application stack, there had been a glaring gap of the one specifically designed for REST APIs. We are happy to see 42Crunch bridge that gap with their solution.”