API security as code
Yenlo is proud reseller of the 42Crunch API security platform. Yenlo offers this API security platform as standalone solution as well as part of Yenlo’s Connext platform. Together, the 42Crunch platform and Yenlo Connext will enable enterprises to make security part of their continuous integration and continuous deployment (CI/CD).
The 42Crunch solution lets you describe security as code as part of your OpenAPI specification files, allowing you to entirely automate the API security process, from the very beginning of the API lifecycle. Developers can simply annotate their API contracts to describe the required security policies and we process those annotations to automatically generate an API firewall configured to protect the API.
Developer driven intelligence
- Empowers developers to secure their API from design time using a description language they know: security as code.
- Enables the introduction of security as early as possible in the API lifecycle: API DevSecOps.
- Delivers a unified and integrated platform for development, security and operations teams: single source of truth for API security.
Run 200+ security audit checks of the OpenAPI specification definition with detailed security scoring to help define and strengthen the API contract.
Scan live API endpoints to discover potential vulnerabilities and discrepancies of the API implementation against the API contract.
Configure the 42Crunch API-native micro-firewall straight from the OpenAPI definition: automatically protect APIs and engage pre-defined policies.
The benefits of 42Crunch
- At any stage: design, development, testing, runtime – 42Crunch tells you exactly what each security issue is, with specific location in API contract, an explanation of the possible exploit scenario and suggested remediation.
- Cloud-native architecture means that protection can get added to your existing microservice deployments with no extra infrastructure required.
- No proprietary formats – the platform leverages the industry standard OpenAPI specification.
- Hybrid deployment model (management and testing done from the cloud and protection firewall deployed next to your APIs in your current deployment infrastructure) makes getting started and maintaining the system a breeze.
- 42Crunch gets embedded right into your current tooling: IDEs, code repositories & collaboration platforms, CI/CD – being there right when you need it.
- Security Audit and Scanning become automated checks ensuring that insecure code never makes it to the master branch and production deployment.
- Runtime protection policies get automatically redeployed with each API change making sure that you can stay agile without compromising security.
- 42Crunch dashboards provide common view on all the projects that the enterprise has, all APIs in them, and the state of security for each and every one of them.
- All teams: API architects, developers, QA, security, operations – get a shared view of API security, its shared definition, and shared understanding of what needs to be done to improve it.
- 42Crunch integrates with existing collaborative developer tooling such as GitHub, GitLab, or Azure pipelines.
API Security by design
- API Native
Addresses natively APIs’ unique security requirements across data validation, authentication, authorization, confidentiality, integrity.
- API Micro-firewall for Kubernetes
Thanks to its low footprint, 42Crunch API Firewall can be deployed at scale on Kubernetes as sidecar proxy.
- Intuitive User Interface
The intuitive interface makes it easy to get started, and provides real-time Security dashboards with actionable data.
- Positive Security Model
The API Contract is the core of the security configuration, allowing to automatically enforce traffic inbound and outbound.
- Integrate into CI/CD
Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan & protect your API.
- Designed for DevSecOps
Enables a seamless DevSecOps experience from development to deployment through automation.