Audit, Scan and Protect all your APIs

The 42Crunch platform offers a unique set of integrated tools which allow discovery, remediation of API vulnerabilities and runtime protection against API attacks.

API Security Audit

An exhaustive security audit of the OpenAPI specification definition with detailed security scoring helping developers define and strengthen their API contracts.

API Conformance Scan

A scan of live API endpoints to discover potential vulnerabilities and discrepancies of your API implementation against the API contract.

API Protection

A straightforward service to protect APIs and apply policies that can be deployed in our lightweight, low-latency micro API-native firewall.

Built by security experts for security experts

Our platform is built on a resilient, multi-tenant, security-driven architecture.

Positive Security Model

The API Contract is the core of the security configuration, allowing to automatically enforce traffic inbound and outbound.

API Native

Our platform addresses natively APIs’ unique security requirements across data validation, authentication, authorization, confidentiality and integrity.

Ready for DevSecOps

Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your API.

Security for All - Built For Collaboration

API Security requires teamwork across Dev, Sec and Ops.

For Developers

Enable APIs protection by focusing on proper API contract definition

For Security

Define and enforce corporate security policies from first day of design

For Operations

Deploy API firewalls at critical points in the architecture

Our Design Manifesto

Secured by design, trust no-one.

API Security setup is declared, not manual

Our domain knowledge and standards are available as pre-defined policies

Security teams are in control

Security is adapted to the risk involved

Security Infrastructure is delivered as code

Communication platform across all roles involved

Deploy anywhere

You can use our firewall to equally protect north-south and east-west traffic. Thanks to its low footprint, it can be deployed at scale on any Docker orchestrator such as Kubernetes, Docker™ Swarm or Redhat OpenShift(®). Our runtime is fully compatible with existing API management solutions or API gateways and with microservices-based architectures. We support the sidecar proxy and gateway deployment models.