Alternatives to APIsec in Government
What middleBrick covers
- Black-box API scanning with risk scores A to F
- Read-only methods only, no destructive payloads
- OpenAPI 3.0/3.1 and Swagger 2.0 parsing with ref resolution
- Authenticated scanning with domain verification
- Continuous monitoring and diff detection
- Integrations via dashboard, CLI, GitHub Action, and API
Black-box scanning for government environments
middleBrick is a self-service API security scanner designed for government assessment workflows. Submit an API endpoint, receive a risk score from A to F with prioritized findings, and complete a scan in under a minute. The scanner sends only read-only requests (GET and HEAD), with the single exception of text-only POST requests used for LLM probes, and requires no agents, code access, or SDK integration. It operates without modifying your runtime or deployment, making it suitable for sensitive environments where intrusive testing is restricted.
Coverage aligned to major frameworks
middleBrick maps findings directly to three frameworks commonly referenced in government evaluations: PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). Detection coverage spans the OWASP API Top 10 categories, including:
- authentication bypass
- JWT misconfigurations, including alg=none and expired tokens
- BOLA and IDOR via sequential ID enumeration
- BFLA and privilege escalation attempts
- over-exposed properties and mass-assignment surfaces
- input validation issues such as CORS misconfigurations and dangerous HTTP methods
- rate-limiting indicators
- data exposure patterns, including PII and API key formats
- encryption and header misconfigurations
- SSRF indicators
- inventory issues such as missing versioning
- unsafe consumption surfaces
- LLM/AI security probes
For other frameworks, the scanner aligns its findings with the security controls described in the relevant standards, supporting audit evidence without claiming certification or compliance guarantees.
Authenticated scanning and safe probe boundaries
Authenticated scanning is available from the Starter tier onward and supports Bearer tokens, API keys, Basic auth, and cookies. Domain verification is enforced through a DNS TXT record or an HTTP well-known file, so only the domain owner can submit credentials for that domain. When credentials are used, only a restricted allowlist of headers is forwarded: Authorization, X-API-Key, Cookie, and X-Custom-* headers. The scanner respects strict read-only boundaries: destructive payloads are never sent; private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers; and no active SQL injection or command injection tests are performed.
OpenAPI contract validation and continuous monitoring
middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 documents, resolving recursive $ref references and cross-referencing spec definitions against runtime behavior. This helps identify undefined security schemes, sensitive fields, deprecated operations, and missing pagination. For ongoing governance, the Pro tier provides scheduled rescans every 6 hours, daily, weekly, or monthly, with diff detection to surface new findings, resolved findings, and score drift. Alerts are delivered via rate-limited email (1 per hour per API) and HMAC-SHA256 signed webhooks that auto-disable after five consecutive failures. The scanner does not fix, patch, block, or remediate; it detects and provides remediation guidance.
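As an added illustration, not middleBrick's own code, the following shows the receiver-side check a webhook consumer needs for HMAC-SHA256 signed alerts, together with the sender-side counter that disables an endpoint after five consecutive delivery failures as described above. The signature header name, payload shape, and shared secret are assumptions, since the page does not document the webhook format.

```python
import hashlib
import hmac
import json

# Assumed header name: the page says webhooks are HMAC-SHA256 signed but
# does not document which header carries the signature or its encoding.
SIGNATURE_HEADER = "X-Signature"      # assumption, not from the page
MAX_CONSECUTIVE_FAILURES = 5          # page: auto-disable after five failures


def sign_payload(secret: bytes, body: bytes) -> str:
    """Hex-encoded HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes) -> bool:
    """Receiver side: recompute the MAC over the raw (unparsed) body and
    compare in constant time so a timing side channel cannot leak it."""
    presented = headers.get(SIGNATURE_HEADER, "")
    expected = sign_payload(secret, body)
    return hmac.compare_digest(presented, expected)


class WebhookEndpoint:
    """Sender side: count consecutive failures and disable the endpoint
    on the fifth, resetting the counter on any successful delivery."""

    def __init__(self, url: str):
        self.url = url
        self.failures = 0
        self.enabled = True

    def record_delivery(self, ok: bool) -> bool:
        if ok:
            self.failures = 0
        else:
            self.failures += 1
            if self.failures >= MAX_CONSECUTIVE_FAILURES:
                self.enabled = False
        return self.enabled


# Constructed sample alert and secret; not a real middleBrick payload.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_BODY = json.dumps({"api": "https://api.example.gov", "score": "C",
                          "new_findings": 2, "resolved_findings": 1}).encode()

if __name__ == "__main__":
    hdrs = {SIGNATURE_HEADER: sign_payload(SAMPLE_SECRET, SAMPLE_BODY)}
    print(verify_webhook(SAMPLE_SECRET, hdrs, SAMPLE_BODY))         # True
    print(verify_webhook(SAMPLE_SECRET, hdrs, SAMPLE_BODY + b" "))  # False
```

Always verify against the raw request bytes before JSON parsing; re-serialising the parsed object can change whitespace or key order and invalidate a correct signature.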
Deployment options and product integrations
The Web Dashboard centralizes scan management, report viewing, score trend tracking, and branded compliance PDF downloads. The CLI, distributed as an npm package named middlebrick, supports commands such as middlebrick scan <url> with JSON or text output. A GitHub Action enables CI/CD gating, failing builds when scores drop below a defined threshold. An MCP Server allows scanning from AI coding assistants including Claude and Cursor, and a programmable API supports custom integrations. These tools are designed to integrate into existing workflows without introducing runtime dependencies on the scanning infrastructure.