Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

42Crunch and Cisco Collaborate to Drive API Security Forward and to Increase Cloud Protection

October 2021 by Marc Jacob

Today at KubeCon, 42Crunch, the Developer-First API security platform company, announced their collaboration with Cisco to provide the developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection.

APIs are increasingly a favorite target for hackers seeking to compromise cloud environments with malware such as crypto-jacking and ransomware. 42Crunch and Cisco are addressing these threats by advocating a “shift-left” approach to API security and discovery that empowers developers to code protection into the API build process.

Although cloud environments offer enterprises many security benefits, new vulnerabilities continue to arise that offer attackers fresh avenues into cloud-based environments. One such attack path is the API. Every connected mobile, modern web, or cloud-hosted application uses and exposes APIs. These APIs enable access to data and to call application functionality. While they are relatively easy to expose, they are difficult to document and defend. As a result, shadow and zombie APIs are rife, type checking is lax, API specifications are incomplete, and authentication and authorization issues often creep up. To address these challenges, 42Crunch collaborated with Cisco to create APIClarity, a new open-source tool to improve the configuration and protection of APIs.

APIClarity

In a recent study into the Cloud Threat Landscape, IBM found that two-thirds of cloud breaches can be attributed to misconfigured APIs.[1]

Today, APIClarity utilizes a Service Mesh framework to discover APIs and can be used in association with the 42Crunch API Audit capabilities to improve the configuration of the API specification. Knowing the API specification is the first step in identifying API risks and APIClarity captures all existing API traffic and constructs the OpenAPI specification by observing the API traffic and allows users to upload OpenAPI specifications and review, modify and approve the generated specs. It alerts the user on differences between the approved API specification and the one observed in runtime and detects shadow and zombie APIs with a UI dashboard auditing and monitoring the API findings.

Welcoming the announcement, Vijoy Pandey, VP of Emerging Technologies and Incubations at Cisco said, “Having a robust API security strategy is critical for enterprises to succeed with their digital transformation projects. Launching APIClarity represents a significant step in providing an end-to-end API security solution for enterprise cloud environments. We’re excited about the potential for APIClarity to empower developers to adopt a security as code approach to protecting their APIs, and to continue working with organizations like 42Crunch who share the same vision for enabling greater API security.”




See previous articles

    

See next articles