42Crunch for ASP.NET Core
What middleBrick covers
- Black-box scanning with no agents or code access
- Authentication support for Bearer, API key, Basic, and Cookie
- Authorization testing including BOLA, BFLA, and privilege escalation
- LLM/AI security probes across Quick, Standard, and Deep tiers
- OpenAPI 3.x and Swagger 2.0 parsing with spec-runtime cross-check
- Continuous monitoring and diff detection in Pro tier
Black-box evaluation of ASP.NET Core API surface
middleBrick performs black-box scanning against ASP.NET Core endpoints without requiring access to source code or build artifacts. Submit the base URL of an API, and the scanner probes authentication, input handling, and error paths using only HTTP requests.
For ASP.NET Core, the scanner accounts for common routing patterns and default middleware behavior, including endpoint discovery and method-based routing. It does not interpret compiled binaries or runtime code, so findings are limited to what is observable over the network.
Scan coverage includes parameter injection via query strings, path segments, and body payloads, with awareness of framework-specific content negotiation and format handling. Detection of issues such as verbose error messages is based on observable responses rather than stack trace content.
Authentication and security header assessment
The scanner validates authentication implementations and security header configurations aligned with OWASP API Top 10. It tests multi-method bypass attempts, JWT misconfigurations such as alg=none, expired tokens, missing claims, and sensitive data within claims.
For ASP.NET Core, the scanner evaluates whether authentication middleware is correctly enforced and whether security headers such as WWW-Authenticate comply with expected standards. Tests include mixed content detection, HSTS presence, cookie flags, and HTTPS redirect behavior.
Authenticated scanning allows the use of Bearer tokens, API keys, Basic auth, and cookies. Domain verification via DNS TXT record or HTTP well-known file ensures that only domain owners can submit credentials, and forwarded headers are limited to an allowlist to reduce noise.
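The JWT and middleware-enforcement checks described above map onto a small set of ASP.NET Core settings; the following is an added example (not middleBrick's or 42Crunch's code) of a JwtBearer configuration that rejects unsigned (alg=none) tokens, expired tokens, and tokens missing a required claim. The issuer URL, audience, and the "scope" claim value are placeholder assumptions.

```csharp
// Added example: hardened JwtBearer setup for an ASP.NET Core minimal API.
// Issuer, audience, and the required claim are assumed placeholder values.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = true;                  // never fetch signing keys over plain HTTP
        options.Authority = "https://issuer.example.invalid"; // assumption: placeholder issuer
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // alg=none: an unsigned token, or one signed with an unexpected algorithm, is rejected
            RequireSignedTokens = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ValidateIssuerSigningKey = true,
            // expired tokens: "exp" must be present and still valid (small clock skew only)
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
            // issuer and audience pinned so a token minted for another API is not accepted
            ValidateIssuer = true,
            ValidIssuer = "https://issuer.example.invalid",
            ValidateAudience = true,
            ValidAudience = "orders-api",                     // assumption: placeholder audience
        };
    });

// missing claims: the policy fails closed when the assumed "scope" claim is absent or differs
builder.Services.AddAuthorization(o =>
    o.AddPolicy("OrdersRead", p => p.RequireAuthenticatedUser()
                                    .RequireClaim("scope", "orders.read")));

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();   // must run before UseAuthorization or the policy sees no principal
app.UseAuthorization();

// enforcement lives on the endpoint: an unauthenticated or unsatisfied request gets 401/403, not data
app.MapGet("/orders/{id:int}", (int id, ClaimsPrincipal user) =>
        Results.Ok(new { id, subject = user.FindFirstValue(ClaimTypes.NameIdentifier) }))
   .RequireAuthorization("OrdersRead");

app.Run();
```

A black-box scan of this configuration should observe 401 responses for alg=none and expired tokens and 403 for a valid token lacking the required claim; the endpoint-level policy is what makes the middleware enforcement visible over the network.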
Authorization and input validation testing
Testing for Broken Object Level Authorization (BOLA/IDOR) includes sequential ID enumeration and active adjacent-ID probing to detect insecure direct object references. BFLA and privilege escalation checks probe admin endpoints and inspect role or permission field leakage.
Input validation tests cover CORS wildcard configurations with and without credentials, dangerous HTTP methods, and debug endpoints. Over-exposure of internal fields and mass-assignment surfaces are flagged under Property Authorization checks.
OpenAPI 3.0, 3.1, and Swagger 2.0 specifications are parsed with recursive $ref resolution. Findings from runtime scans are cross-referenced against the spec to identify undefined security schemes, deprecated operations, and missing pagination that may contribute to exposure.
LLM and AI security probing
The scanner includes dedicated LLM/AI security testing across three tiers: Quick, Standard, and Deep. These tiers execute 18 adversarial probe types focused on model behavior and data handling.
Checks include system prompt extraction, instruction override attempts, DAN and roleplay jailbreaks, data exfiltration probes, cost exploitation, and encoding bypass techniques such as base64 and ROT13. Additional tests cover translation-embedded injection, few-shot poisoning, markdown injection, multi-turn manipulation, indirect prompt injection, token smuggling, tool abuse, nested instruction injection, and PII extraction.
Pro tier monitoring can schedule repeated LLM security scans to track changes in model responses over time, with diff detection for new or resolved findings.
Compliance mapping and monitoring capabilities
middleBrick maps findings directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). These mappings help you prepare for audit evidence collection and align with security controls described in those frameworks.
Continuous monitoring in Pro tier supports scheduled rescans every six hours, daily, weekly, or monthly. Email alerts are rate-limited to one per hour per API, and webhooks are HMAC-SHA256 signed, with auto-disable after five consecutive failures.
Scan data is deletable on demand and purged within 30 days of cancellation. The product does not perform active exploitation such as SQL injection or command injection, and it does not replace a human pentester for high-stakes assessments.