42Crunch for Rocket

middleBrick operates as a black-box scanner, sending only read-only methods such as GET and HEAD and text-only POST for LLM probes. This design means the tool does not need to understand Rocket defaults or your auth middleware internals to execute requests against the live service.

Because scanning is spec-driven, OpenAPI 3.0, 3.1, and Swagger 2.0 files with recursive $ref resolution are parsed and then compared against runtime behavior. If your Rocket endpoints are defined in an OpenAPI document, middleBrick can cross-reference declared security schemes and paths to highlight undefined security requirements or deprecated operations that do not align with the published contract.

When authentication is required, authenticated scanning modes accept Bearer, API key, Basic auth, or Cookie credentials. Domain verification is enforced through DNS TXT records or an HTTP well-known file to ensure only the domain owner can submit credentials. Only a limited set of headers is forwarded, including Authorization, X-API-Key, Cookie, and custom headers prefixed with X-Custom-.

Rocket applications that implement custom error shapes or nonstandard routing are still exercised as generic HTTP services. The scanner does not interpret Rocket-specific macros or guards, but it does validate observable behaviors such as response codes, header presence, and data exposure. Limitations remain: business logic tied to domain rules cannot be evaluated without human context, and the tool does not attempt to patch or block findings.

The scanner evaluates 12 security categories aligned to OWASP API Top 10 (2023). Coverage includes authentication bypass and JWT misconfigurations such as alg=none, HS256 usage, expired tokens, missing claims, and sensitive data within claims. Security headers and WWW-Authenticate compliance are also assessed during passive inspection of responses.

Broken Object Level Authorization (BOLA) and Insecure Direct Object References (IDOR) are detected via sequential ID enumeration and active adjacent-ID probing. Privilege escalation and function-level authorization bypass (BFLA) are examined through admin endpoint probing and observation of role or permission field leakage in responses.

Data exposure checks identify PII patterns such as email addresses, Luhn-validated card numbers, context-aware SSN formats, and API key values for AWS, Stripe, GitHub, and Slack. Error and stack-trace leakage, along with sensitive HTTP methods and CORS wildcard configurations that include credentials, are surfaced as findings with remediation guidance.

middleBrick maps findings directly to three frameworks: PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other regulations, the tool helps you prepare for audits and aligns with security controls described in relevant standards, but it does not certify compliance or guarantee adherence to any regulatory framework.

The LLM / AI Security category conducts 18 adversarial probes across three scan tiers: Quick, Standard, and Deep. These probes target system prompt extraction, instruction override attempts, DAN and roleplay jailbreaks, data exfiltration strategies, and cost exploitation techniques.

Encoding bypass methods such as base64 and ROT13, translation-embedded injection, few-shot poisoning, and markdown injection are exercised to evaluate how models handle indirect prompt injection and token smuggling. Multi-turn manipulation, nested instruction injection, tool abuse, and PII extraction probes further assess the robustness of deployed language model endpoints.

These checks are non-intrusive and read-only. They do not modify model weights or training data, and they avoid destructive payloads. The results highlight risky model behaviors that may require additional guardrails or human review rather than claiming to resolve underlying model weaknesses.

middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 documents with full recursive $ref resolution. After parsing, the tool cross-references spec definitions against runtime findings to identify mismatches such as undefined security schemes, oversensitive fields, deprecated operations, and missing pagination indicators.

This comparison surfaces discrepancies between declared and actual behavior, helping you identify where implementation drift has occurred. Because the scanner does not modify server code, it relies on the accuracy and completeness of the provided OpenAPI document. In Rocket applications, ensure that routes and guards are reflected in the spec to achieve meaningful alignment between design and runtime observations.

Note that the tool does not perform active SQL injection or command injection testing, as those require intrusive payloads outside the intended scope. The emphasis is on detection and reporting, not on exploit validation.

Customer scan data is deletable on demand and purged within 30 days of cancellation. The service never sells data and does not use scan inputs for model training. Private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers to prevent accidental internal probing.

Continuous monitoring options in higher tiers include scheduled rescans every 6 hours, daily, weekly, or monthly. Diff detection highlights new findings, resolved findings, and score drift over time. Email alerts are rate-limited to one per hour per API, and HMAC-SHA256 signed webhooks disable automatically after five consecutive failures to reduce noise.

Because middleBrick is a scanning tool, it does not fix, patch, block, or remediate issues. It detects and reports with remediation suggestions, leaving implementation decisions to your team. For high-stakes audits, a human pentester remains necessary to validate contextual business logic and complex threat models.