42crunch-api-security-testing
Automate API security in Claude Code: audit OpenAPI specs, detect OWASP API risks (BOLA/BFLA), and apply AI fixes.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for 42crunch-api-security-testing, derived from its capabilities.
AIVSS 9.0 · Critical
Overview
42Crunch's API security testing plugin for Claude Code. It audits OpenAPI specs, detects vulnerabilities aligned with the OWASP API Security Top 10 (including BOLA and BFLA), and applies AI-powered fixes through a continuous audit -> scan -> remediate -> validate loop. Its surface is an MCP server plus commands that run 42Crunch scans and remediation against API specs.
Key features
- OpenAPI spec auditing
- OWASP API Top 10 detection incl. BOLA/BFLA
- AI-powered remediation
- Continuous audit-scan-remediate-validate loop
Use cases
- Gate API changes on a security scan before deploy
- Fix BOLA/BFLA and other API vulnerabilities in-editor