42Crunch Platform release, September 9, 2019

This 42Crunch Platform release introduces non-blocking mode in API Firewall, the integration of the Security Audit report and Security Editor, and an improved issue view for audit issues.

Compatibility

This release is compatible with the following API Firewall images:

  • 42crunch/apifirewall:v0.8.0
  • 42crunch/apifirewall:v0.7.1

All previous image versions have been deprecated and are not compatible with this version of the platform.

New features

The following are the new features and improvements to the existing ones in this release.

Non-blocking mode for API Firewall

API Firewall now has an additional operation mode called non-blocking mode:

  • API Firewall instances protecting your API execute security policies normally but do not block any transactions; they only report on what would have been blocked.
  • Use non-blocking mode to:
    • Test how API Firewall affects your existing API traffic without affecting your API consumers.
    • Discover API requests and endpoints that currently go unnoticed.
    • Troubleshoot problems.
  • Dashboards are populated normally, so you can easily see what would have happened.

Note that in non-blocking mode your API is not protected and remains vulnerable.

For more details, see API Firewall blocking level.

Integrated Security Audit report and Security Editor

Security Editor now has a tighter integration with the Security Audit report:

  • Easily navigate back and forth between the report and the editor.
  • Find the core issues to fix in the report, and hop to the right spot in the editor with one click.
  • After fixing an issue, run the audit again in the editor, and hop back to the report.

For more details, see View audit reports.

Improved audit issue view

Viewing the issues that Security Audit discovered has been improved in both the audit report and Security Editor:

  • View your code and the issue details side by side in the audit report as well.
  • Jump to the next or previous issue in the audit report directly in the issue view.
  • Filter the shown issues in Security Editor by severity to home in on the most critical ones first.
  • Click issues listed in Security Editor to view the message inline.
  • Choose which you would rather see in Security Editor, the issue details or the issue list. Clicking an issue no longer automatically opens the issue details, so that it is easier to get the overall picture.
  • Expand the issue details in Security Editor to full screen for better readability.

For more details, see Fix APIs in Security Editor.

UX improvements

There are also smaller additions to improve the user experience:

  • Find the API collections you have recently viewed quickly under the main menu on the left, or create a new one.
  • Jump to view the audit and scan reports directly from the API collection by clicking the number of found issues on an API.