42Crunch for Django

What middleBrick covers

  • Black-box scanning that completes in under one minute
  • Risk score A–F with prioritized findings
  • Detection of OWASP API Top 10 (2023) issues
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • Authenticated scanning with header allowlist
  • LLM/AI security adversarial probe coverage

Black-box scanning for Django APIs

middleBrick is a self-service API security scanner that operates as a black-box tool against Django endpoints. You submit a URL and receive a risk score from A to F with prioritized findings. The scanner supports read-only methods (GET and HEAD) and text-only POST for LLM probes, completing a scan in under a minute without requiring agent installation, code access, or SDK integration.

Detection aligned to OWASP API Top 10 and common Django risks

The scanner checks 12 categories aligned to the OWASP API Top 10 (2023) that are relevant to typical Django deployments. It detects authentication issues such as JWT misconfigurations, including alg=none, weak algorithms, expired tokens, missing claims, and sensitive data in claims. It evaluates security headers and WWW-Authenticate compliance, probes for Broken Object Level Authorization (BOLA)/IDOR via sequential ID enumeration and adjacent-ID probing, and checks for Broken Function Level Authorization (BFLA)/privilege escalation through admin endpoint discovery and role/permission field leakage. It assesses property-level authorization by identifying over-exposure and internal field leakage relevant to Django models, and checks input-validation controls, including CORS wildcard usage with and without credentials, dangerous HTTP methods, and debug endpoints.
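The JWT and CORS checks named above, as an added illustration written for this page rather than middleBrick's own implementation: the helper names `audit_jwt` and `audit_cors` are hypothetical, the token and response headers are constructed samples, and "weak algorithms" is left out because the page does not say which algorithms it means.

```python
import base64
import json
# Claims treated as sensitive, and claims a well-formed access token should carry
SENSITIVE_CLAIM_KEYS = {"password", "ssn", "credit_card", "secret"}
REQUIRED_CLAIMS = {"exp", "iat", "sub"}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def audit_jwt(token: str, now: int) -> list:
    """Findings for a JWT read without verifying it: alg=none, missing claims, expiry before `now` (unix seconds), sensitive claim names."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected three dot-separated segments"]
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    findings = []
    if str(header.get("alg", "none")).lower() == "none":
        findings.append("alg=none: token carries no signature")
    missing = REQUIRED_CLAIMS - set(payload)
    if missing:
        findings.append("missing claims: " + ", ".join(sorted(missing)))
    exp = payload.get("exp")
    if isinstance(exp, (int, float)) and exp < now:
        findings.append("expired: exp is in the past")
    leaked = SENSITIVE_CLAIM_KEYS & {str(k).lower() for k in payload}
    if leaked:
        findings.append("sensitive data in claims: " + ", ".join(sorted(leaked)))
    return findings

def audit_cors(headers: dict) -> list:
    """Flag a wildcard CORS origin, with and without credentials, in response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    origin = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if origin == "*" and creds:
        return ["CORS wildcard origin combined with Allow-Credentials: true"]
    if origin == "*":
        return ["CORS wildcard origin (no credentials)"]
    return []

def _make_token(header: dict, payload: dict) -> str:
    # Constructed, unsigned sample token (empty signature segment) used only to exercise the checks
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(payload) + "."

# Constructed sample input: alg=none, no iat, exp in 2001, and a password claim
SAMPLE_TOKEN = _make_token({"alg": "none"}, {"sub": "42", "exp": 1_000_000_000, "password": "example"})
SAMPLE_HEADERS = {"Access-Control-Allow-Origin": "*", "Access-Control-Allow-Credentials": "true"}
```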

OpenAPI analysis and authenticated scanning considerations

middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 specs with recursive $ref resolution and cross-references spec definitions against runtime findings to surface undefined security schemes, sensitive fields, deprecated operations, and missing pagination. For authenticated scanning at the Starter tier and above, the scanner supports Bearer, API key, Basic auth, and Cookie-based authentication. A domain verification gate ensures only the domain owner can scan with credentials, and the scanner forwards a restricted allowlist of headers including Authorization, X-API-Key, Cookie, and X-Custom-*.

Coverage of LLM/AI security and data exposure risks

The scanner includes an LLM/AI Security assessment with 18 adversarial probes across Quick, Standard, and Deep tiers. These probes test for system prompt extraction, instruction override, DAN and roleplay jailbreaks, data exfiltration, cost exploitation, encoding bypasses such as base64 and ROT13, translation-embedded injection, few-shot poisoning, markdown injection, multi-turn manipulation, indirect prompt injection, token smuggling, tool abuse, nested instruction injection, and PII extraction. Data exposure checks identify PII patterns such as email addresses, Luhn-validated card numbers, context-aware SSN formats, common API key formats for AWS, Stripe, GitHub, and Slack, as well as error and stack-trace leakage.

What the scanner does not do and compliance framing

middleBrick does not fix, patch, block, or remediate issues; it detects and reports with remediation guidance. It does not perform active SQL injection or command injection testing, does not detect business logic vulnerabilities, does not identify blind SSRF, and does not replace a human pentester for high-stakes audits. The tool helps you prepare for compliance with security frameworks and supports audit evidence collection. It maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023), and aligns with security controls described in other standards.

Integration, monitoring, and deployment options

The scanner is available via Web Dashboard for managing scans and tracking score trends, CLI through the middlebrick npm package using middlebrick scan <url> with JSON or text output, and GitHub Action for CI/CD gating that fails the build when the score drops below a threshold. An MCP Server enables scanning from AI coding assistants, and the Pro tier adds scheduled rescans, diff detection, email alerts, signed webhooks, and compliance reports.

Frequently Asked Questions

Does the scanner test for SQL injection against Django endpoints?
No. The scanner does not perform active SQL injection testing. It focuses on detection, not exploitation or remediation.

Can authenticated scans be performed against Django admin or API endpoints?
Yes. Authenticated scanning is supported with Bearer, API key, Basic auth, and Cookie credentials, subject to domain verification.

How are Django-specific issues like debug pages or misconfigured CORS detected?
These fall under the scanner's input-validation checks, which probe for debug endpoints and flag CORS wildcard usage with and without credentials.

Does the scanner integrate with CI/CD pipelines for Django projects?
Yes. The GitHub Action can gate builds based on score thresholds, and the CLI supports automated scanning in pipelines.

Is sensitive scan data retained or used for model training?
No. Customer data is deletable on demand, purged within 30 days of cancellation, and is never sold or used for model training.