42Crunch Platform release, June 2019

This 42Crunch Platform release improves the user experience and performance of the platform, and introduces a couple of new features (preview).

Compatibility

This release is compatible with the following API Firewall images:

  • apifirewall:v0.6.1
  • apifirewall:v0.6.0
  • apifirewall:v0.5.1

New features

42Crunch Platform has gotten a facelift with new user experience, together with the following new features and enhancements:

  • Key enhancements to the reports that API Contract Security Audit produces
  • Full user management for organization administrators
  • Support for DevSecOps using our REST API

API Contract Security Audit

API Contract Security Audit report includes the following improvements:

  • Direct navigation from issues list to issue details
  • Top Priority Issues: list of issues which have the biggest impact on the audit score of the API
  • Detailed view for each issue, with inline view of the OpenAPI file and the remediation articles from the API Security Encyclopedia on APIsecurity.io

Users and credentials management

Organization admins can now manage users in their organizations from their own user profile settings:

  • Add users to the organization of your enterprise or delete user accounts as needed
  • Promote new organization admins
  • Force password reset for users
  • Lock user accounts

In addition, all users can recover forgotten passwords from the platform login page.

For more details, see Users and organizations.

Support for DevSecOps

42Crunch customers can automate API Protection by calling the 42Crunch Platform REST API, for example from their CI/CD pipeline.

To invoke the platform API, users must use API tokens. On the new user interface, each platform user can:

  • Create tokens
  • Revoke tokens
  • Manage the access rights (scopes) that each API token gets

For more details, see API tokens.

Developer flow integration with Visual Studio Code plugin

Developers can now leverage our Visual Studio Code (VS Code) plugin when editing OpenAPI (formerly known as Swagger) v2 and v3 files. This plugin adds support for OpenAPI Specification to familiar features, such as:

  • IntelliSense,
  • Linting
  • Schema enforcement
  • Code navigation
  • Definition links
  • Snippets
 

Additionally, the following preview (beta) features are available.

API Contract Conformance Scan

  • The scan report format has been improved to align with report format of Security Audit, and for easier consuming and parsing of the JSON responses.
  • The messages in the report have been clarified for better readability.

For more details, see API Contract Conformance Scan.

Multi-cloud/multi-environment support in API Protection

Generate multiple protection tokens for your API, and use these tokens to enable and manage deploying API Protection for your API in multiple clouds or environments at the same time.

For more details, see Protection tokens.

Logs management in API Protection

  • API Firewall logs automatically published to 42Crunch Platform
  • Aggregation of logs across all API Firewall instances
  • Searchable transaction logs per API

For more details, see API monitoring.

Security dashboards

Security dashboards give you an instant view into the security issues that API Firewall detects, including:

  • Top 10 IP of rejected requests: The source IP addresses that sent the most of the requests that the firewall has blocked.
  • Top 10 issues in blocked requests: The most common issues in the transactions that API Firewall has blocked by enforcing your API definition.
  • Top 10 HTTP status codes: The most frequent HTTP status codes in your API responses.
  • Top 10 paths: The most called operations paths that the API endpoint has received.

For more details, see Security dashboards.