This 42Crunch Platform release introduces non-blocking mode in API Firewall, integration of the Security Audit report and Security Editor, and an improved issue view for audit issues.
Compatibility
This release is compatible with the following API Firewall images:
42crunch/apifirewall:v0.8.0
42crunch/apifirewall:v0.7.1
All previous image versions have been deprecated and are not compatible with this version of the platform.
New features
The following are the new features and the improvements to existing features in this release.
Non-blocking mode for API Firewall
API Firewall now has an additional operation mode called non-blocking mode:
In this mode, API Firewall instances protecting your API execute security policies normally but do not block any transactions. They only report what would have been blocked.
Use non-blocking mode to:
Test how API Firewall affects your existing API traffic without affecting your API consumers.
Discover API requests and endpoints that currently go unnoticed.
Troubleshoot problems.
Dashboards are populated normally, so you can easily see what would have happened.
Note that in non-blocking mode your API is not protected and remains vulnerable.
Viewing the issues that Security Audit discovered has been improved in both the audit report and Security Editor:
View your code and the issue details side by side in the audit report as well.
Jump to the next or previous issue in the audit report directly in the issue view.
Filter the shown issues in Security Editor by severity to home in on the most critical ones first.
Click issues listed in Security Editor to view the message inline.
Choose which you would rather see in Security Editor, the issue details or the issue list. Clicking an issue no longer automatically opens the issue details, which makes it easier to get the overall picture.
Expand the issue details in Security Editor to full screen for better readability.