SAN JOSE, Calif., Oct. 9, 2019 /PRNewswire/ — Today at API World, API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the availability of REST API Security Audit functionality in its popular OpenAPI extension for Microsoft Visual Studio Code — making it easier than ever to enable a DevSecOps process for API security.

42Crunch VS Code Security Audit for OpenAPI Editor

Developers working on their APIs within 42Crunch’s VS Code extension simply have to click the Security Audit button at the top right of the window to run a remote service that will audit the API contract against 200+ various checks for API security best practices and possible vulnerabilities; including authentication, authorization, transport, data inputs and outputs.

The results are presented as an actionable Security Audit report. Each vulnerability is also underlined in the code and added to the IDE’s Problems panel. The tool provides an explanation, possible exploit scenario, and fix recommendations.

«With APIs increasingly becoming one of the primary attack vectors, companies want to shift-left and have developers ensure that their APIs are designed and implemented with security in mind from day 1,» says Dmitry Sotnikov, VP of Cloud Platform at 42Crunch. «42Crunch has made it easier for software engineers to get API security audit and recommendations at their fingertips, right within their IDE.»

The extension supports both version 2 and version 3 of OpenAPI specification, both JSON and YAML formats. It’s available free to all VS Code users at and already has more than 16 thousand installations and 11 five-star reviews.

API World 2019
Join 42Crunch at API World – Booth 306 to learn more about ensuring API security across all REST APIs in your company. For a deeper dive into DevSecOps for API Security and the OWASP API Top 10 – join our security experts for their presentations today: 

About 42Crunch
The 42Crunch platform provides a set of automated tools to easily secure your entire API infrastructure by building security into OpenAPI contracts and enforcing those policies throughout the entire lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of your APIs. Visit to learn more.  

Join our online community:


Visit 42Crunch:

Cision View original content to download multimedia:

SOURCE 42Crunch