In a move to address the growing significance of API-centric cloud applications, 42Crunch, an API DevSecOps platform, announced that it has integrated its API security audit and vulnerability testing solution with Microsoft (News - Alert) Defender for Cloud. This collaboration will provide Microsoft customers with comprehensive API protection throughout the entire lifecycle, from design to runtime.
With APIs becoming increasingly integral to data exchange in cloud applications, their exposure to potential threats has also risen significantly. Now developers will be able to identify and rectify API vulnerabilities, ensuring centralized governance and enhanced security for APIs.
“This partnership between Microsoft and 42Crunch validates our common vision of providing customers globally with a true DevSecOps solution to protect their digital assets from an ever-growing array of attacks,” said Jacques Declas, CEO of 42Crunch.
“It is well recognized that an effective API security strategy must start early in the software development lifecycle," Declas added. "This partnership between 42Crunch and Microsoft will enable customers to define, implement, and enforce API security compliance and governance across their API estate at scale.”
Development teams can do more than just test their APIs for security vulnerabilities earlier on in the development lifecycle; by combining insights and security findings from both solutions within the Defender for Cloud platform, security teams can also gain broad visibility and governance into the risks associated with their APIs from design to runtime. For operations teams, it will also be able to leverage the native workflow capabilities of Defender for Cloud to accelerate remediation efforts.
“Our partnership with 42Crunch enhances Defender for Cloud's existing runtime API security capabilities by bringing added visibility into potential vulnerabilities that may be introduced through your DevOps pipeline," said Vlad Korsunsky, Vice President of Cloud and Enterprise Security at Microsoft. "Together with 42Crunch, we bridge the gap of API security from development to runtime and empower security teams to exercise governance over their API ecosystem throughout the development lifecycle.”
According to Gartner (News - Alert), protecting web APIs with general-purpose application security solutions is ineffective. “Each new API represents an additional and potentially unique attack vector into your systems,” says Gartner. To protect their applications, enterprises should instead, “adopt a continuous approach to API security across the API development and delivery cycle, designing security into APIs. Include API security testing and the creation and application of reusable API security policies.”
Edited by Alex Passett