42Crunch announced the release of new IDE OpenAPI (Swagger) editing plugins for both Eclipse and the JetBrains family of IDEs, including IntelliJ and PyCharm.
42Crunch’s free OpenAPI security audit plugins simplify REST API development by delivering features such as OpenAPI navigation, code snippets, intellisense, and HTML preview.
More importantly, the plugins help developers take their API security to the next level by delivering audit reports right to the developer’s IDE. Thus, engineers discover and address security vulnerabilities as early as API design and development time.
APIs are projected to be the number one attack vector by 2022. The transition to cloud-native architectures, microservices, and serverless functions has led to the proliferation of APIs. Companies now have thousands of APIs that are constantly changing and network-accessible, and that therefore represent a new, vastly expanded attack surface.
Research shows that detecting and fixing vulnerabilities during production or post-release time is 30 times more difficult than earlier in the API lifecycle. By taking a shift-left approach and addressing API security during design time, companies will establish and maintain the security of their systems while staying agile and delivering business requirements – this starts with developers.
“42Crunch’s mission is to provide API security technology for each stage of the API lifecycle from design, to development, to testing, to runtime protection and monitoring,” says Dmitry Sotnikov, Chief Product Officer at 42Crunch.
“By bringing API security audit right into developers’ IDEs of choice, we are making API security easier. Developers get actionable security advice within their development environment and are thus enabled to improve the security of their product.”
The Eclipse and IntelliJ/PyCharm extensions both add rich support for the OpenAPI Specification (Swagger) in JSON or YAML format and allow developers to:
- Perform 200+ security checks of the OpenAPI specification definition, with detailed feedback for security improvements
- Easily view security issues inline with the contract, based on severity level
- Remediate issues without ever having to leave the IDE
Shifting security left
The release of these two new plugins comes as part of 42Crunch’s overall strategy of taking a shift-left approach to simplify and automate security.
With a combined 100k+ users of its API Security Platform, IDE and CI/CD plugins, 42Crunch is creating a natural way for development, security and operations teams to enable a DevSecOps process across the API security lifecycle.