42Crunch for Internal microservice audit

What middleBrick covers

  • Black-box scanning with no agents or SDK dependencies
  • Authentication support for Bearer, API key, Basic, and cookie
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • LLM adversarial probes across Quick, Standard, and Deep tiers
  • Continuous monitoring and diff detection for Pro tier
  • Programmatic access via CLI and API client

Scope and approach for internal microservice audits

An internal microservice audit requires visibility into many APIs with varied tech stacks and deployment topologies. middleBrick is a black-box scanner that submits requests to endpoints and analyzes responses, without requiring agents, SDKs, or access to source code. Scan time is under a minute per endpoint, using read-only methods plus text-only POST for LLM probes. This makes it practical for recurring audits across multiple services, provided the auditor accepts that it does not perform intrusive exploit testing or test for business logic abuse.

Coverage aligned to major standards

middleBrick maps findings to OWASP API Top 10 (2023), and its detections align with security controls described in PCI-DSS 4.0 and SOC 2 Type II. The scanner covers the OWASP categories most relevant to internal microservice audit workflows, including authentication bypass, broken object level authorization, excessive data exposure, input validation issues, rate limiting gaps, SSRF surface, and LLM security probes. It surfaces findings relevant to audit evidence for these frameworks, but it is not an auditor and cannot certify compliance.

OpenAPI and contract validation

The scanner parses OpenAPI 3.0, 3.1, and Swagger 2.0 files with recursive $ref resolution, then cross-references the spec against runtime behavior. For internal microservice audit use cases, this highlights undefined security schemes, deprecated operations, missing pagination, and overly permissive parameters. Supplying the spec lets you validate that runtime behavior matches the documented contract, which helps when preparing for control reviews that rely on traceability between design and implementation.
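The checks named above are straightforward to express against a resolved spec. The following is an added example, not middleBrick's own code: it resolves local $ref pointers in an OpenAPI 3.x document (with a cycle guard for recursive schemas) and flags undefined security schemes, deprecated operations, collection responses without a pagination parameter, and string or integer parameters with no bound. The spec, the pagination parameter names and the "permissive" heuristics are constructed assumptions for the demo.

```python
# Added example, not middleBrick's code: resolve local $ref pointers in an
# OpenAPI 3.x document and flag the contract issues named in the passage.
# SAMPLE_SPEC, PAGINATION_PARAMS and the permissiveness rules are assumptions.

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}
PAGINATION_PARAMS = {"limit", "page", "page_size", "per_page", "cursor", "offset"}

SAMPLE_SPEC = {  # constructed for the demo
    "openapi": "3.0.3",
    "components": {
        "securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}},
        "parameters": {
            "Query": {"name": "q", "in": "query", "schema": {"type": "string"}},
            "Limit": {"name": "limit", "in": "query",
                      "schema": {"type": "integer", "maximum": 100}},
        },
        "responses": {
            "List": {"description": "ok", "content": {"application/json": {
                "schema": {"type": "array", "items": {"type": "object"}}}}},
        },
    },
    "paths": {
        "/orders": {"get": {
            "security": [{"bearer": []}],
            "parameters": [{"$ref": "#/components/parameters/Query"},
                           {"$ref": "#/components/parameters/Limit"}],
            "responses": {"200": {"$ref": "#/components/responses/List"}}}},
        "/customers": {"get": {
            "security": [{"bearer": []}],
            "responses": {"200": {"$ref": "#/components/responses/List"}}}},
        "/legacy/export": {"get": {"deprecated": True, "security": [{"bearer": []}],
                                   "responses": {"200": {"description": "ok"}}}},
        "/admin/users": {"get": {"security": [{"oauth": ["admin"]}],
                                 "responses": {"200": {"description": "ok"}}}},
        "/health": {"get": {"responses": {"200": {"description": "ok"}}}},
    },
}

def resolve_ref(doc, ref):
    """Follow a local JSON Pointer such as '#/components/parameters/Query'."""
    if not ref.startswith("#/"):
        raise ValueError(f"only local $ref pointers are supported: {ref}")
    node = doc
    for part in ref[2:].split("/"):
        node = node[part.replace("~1", "/").replace("~0", "~")]  # JSON Pointer unescape
    return node

def deref(doc, node, seen=()):
    """Recursively inline {'$ref': ...} objects; 'seen' stops reference cycles."""
    if isinstance(node, dict):
        if "$ref" in node:
            ref = node["$ref"]
            if ref in seen:            # recursive schema: keep the pointer, do not loop
                return {"$ref": ref}
            return deref(doc, resolve_ref(doc, ref), seen + (ref,))
        return {k: deref(doc, v, seen) for k, v in node.items()}
    if isinstance(node, list):
        return [deref(doc, v, seen) for v in node]
    return node

def _permissive(param):
    """Return a reason string if the parameter schema carries no bound at all."""
    s = param.get("schema", {})
    if s.get("type") == "string" and not any(k in s for k in ("maxLength", "pattern", "enum", "format")):
        return "string without maxLength, pattern, enum or format"
    if s.get("type") == "integer" and "maximum" not in s:
        return "integer without maximum"
    return None

def _returns_collection(op):
    """True if the 200 response body is declared as a JSON array."""
    for media in op.get("responses", {}).get("200", {}).get("content", {}).values():
        if media.get("schema", {}).get("type") == "array":
            return True
    return False

def audit_spec(spec):
    """Return sorted (path, method, finding) tuples for the fully resolved spec."""
    doc = deref(spec, spec)
    schemes = set(doc.get("components", {}).get("securitySchemes", {}))
    findings = []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            security = op.get("security", doc.get("security"))  # operation overrides global
            if not security:
                findings.append((path, method, "no security requirement"))
            for requirement in security or []:
                for name in requirement:
                    if name not in schemes:
                        findings.append((path, method, f"undefined security scheme '{name}'"))
            if op.get("deprecated"):
                findings.append((path, method, "deprecated operation still in contract"))
            params = item.get("parameters", []) + op.get("parameters", [])
            for p in params:
                reason = _permissive(p)
                if reason:
                    findings.append((path, method, f"overly permissive parameter '{p['name']}': {reason}"))
            if method == "get" and _returns_collection(op) and not PAGINATION_PARAMS & {p["name"] for p in params}:
                findings.append((path, method, "collection response without pagination parameter"))
    return sorted(findings)

if __name__ == "__main__":
    for path, method, finding in audit_spec(SAMPLE_SPEC):
        print(f"{method.upper():6} {path:16} {finding}")
```

The output is a static contract review only; pairing each finding with an actual request (does the deprecated operation still answer, does the undefined scheme mean the endpoint is reachable unauthenticated) is the runtime cross-reference the passage describes, and it belongs in a separate, credentialed step.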

Authentication support and domain verification

Authenticated scanning is available in Starter and higher tiers, supporting Bearer tokens, API keys, Basic auth, and cookies. Before scanning with credentials, domain verification is enforced via DNS TXT record or an HTTP well-known file, ensuring only the domain owner can submit authenticated scans. The scanner forwards a restricted allowlist of headers, which limits noise in microservice audit trails while preserving the context needed to evaluate auth flows.
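The two preflight controls in this section, ownership verification and a forwarded-header allowlist, can be implemented as below. This is an added example, not middleBrick's own code: the TXT record format, the well-known file path, the allowlisted header names and the DNS/HTTP fakes are all assumptions, and the lookups are injected as callables so the code runs offline.

```python
# Added example, not middleBrick's code: domain-ownership verification via a
# DNS TXT record or an HTTP well-known file, followed by header allowlisting.
# TXT_PREFIX, WELL_KNOWN_PATH, FORWARDED_HEADERS and the fakes are assumptions.
import hmac
import secrets

TXT_PREFIX = "api-scan-verify="                       # assumed TXT record format
WELL_KNOWN_PATH = "/.well-known/api-scan-verify.txt"   # assumed file location
FORWARDED_HEADERS = {"authorization", "x-api-key", "cookie", "accept", "content-type"}

def issue_challenge():
    """Random token the domain owner publishes; generated once, stored server-side."""
    return secrets.token_urlsafe(24)

def _same(a, b):
    # Constant-time comparison on bytes so a record with odd characters cannot raise.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def verify_domain(domain, token, dns_txt, http_get):
    """Return (verified, method). dns_txt(name) -> list of TXT strings;
    http_get(url) -> response body text, or None when the file is absent."""
    for record in dns_txt(domain):
        if record.startswith(TXT_PREFIX) and _same(record[len(TXT_PREFIX):], token):
            return True, "dns-txt"
    body = http_get(f"https://{domain}{WELL_KNOWN_PATH}")
    if body is not None and _same(body.strip(), token):
        return True, "well-known"
    return False, None

def filter_headers(headers):
    """Drop every header not on the allowlist (case-insensitive match)."""
    return {k: v for k, v in headers.items() if k.lower() in FORWARDED_HEADERS}

def preflight(domain, token, headers, dns_txt, http_get):
    """Refuse an authenticated scan unless ownership is proven; then strip headers."""
    verified, method = verify_domain(domain, token, dns_txt, http_get)
    if not verified:
        raise PermissionError(f"{domain}: ownership not verified, refusing to use credentials")
    return method, filter_headers(headers)

# Constructed fakes standing in for real DNS and HTTP lookups.
TOKEN = "constructed-token-9f3a"
FAKE_TXT = {"orders.internal.example": ["v=spf1 -all", TXT_PREFIX + TOKEN],
            "stale.internal.example": [TXT_PREFIX + "old-token"]}
FAKE_HTTP = {f"https://billing.internal.example{WELL_KNOWN_PATH}": TOKEN + "\n"}

def fake_dns_txt(name):
    return FAKE_TXT.get(name, [])

def fake_http_get(url):
    return FAKE_HTTP.get(url)

if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer t", "X-Forwarded-For": "10.0.0.1", "Cookie": "sid=1"}
    print(preflight("orders.internal.example", TOKEN, hdrs, fake_dns_txt, fake_http_get))
    print(preflight("billing.internal.example", TOKEN, hdrs, fake_dns_txt, fake_http_get))
```

The stale-token case matters in practice: a record left behind from an earlier verification must not keep authorising scans after the token is rotated, which is why the comparison is against the currently issued token and nothing else.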

Operational characteristics and limitations

middleBrick completes scans in under a minute and can be run from the CLI, web dashboard, GitHub Action, or MCP server used by AI coding assistants. Continuous monitoring is available in Pro for scheduled rescans and diff detection. The tool does not fix, patch, or block findings; it reports with remediation guidance. It does not perform active SQL injection or command injection tests, detect business logic vulnerabilities, or offer blind SSRF coverage, so a human pentester remains necessary for high-stakes audits.

Frequently Asked Questions

Can middleBrick replace a human pentester for internal microservice audits?
No. It is a scanning tool that detects and reports with remediation guidance, but it does not perform intrusive testing or understand business logic, so it cannot replace a human pentester for high-stakes audits.

How does authenticated scanning work for microservices?
You provide tokens or keys through the dashboard or CLI, and the scanner validates domain ownership via DNS TXT or a well-known file before sending read-only authenticated requests using a restricted header allowlist.

Can OpenAPI specs be used to guide the scan?
Yes. The scanner resolves recursive $ref structures and compares spec definitions to runtime behavior, surfacing undefined security schemes and deprecated operations relevant to your audit.

What happens to scan data after cancellation?
Customer scan data is deletable on demand and purged within 30 days of cancellation. It is never sold and is not used for model training.