Alternatives to APIsec on Laravel
What middleBrick covers
- Black-box API scanning with no agents or code access
- Risk scoring and prioritized findings (A–F)
- Detection aligned to OWASP API Top 10 (2023)
- LLM/AI adversarial security probes across scan tiers
- Authenticated scanning with header allowlist
- Continuous monitoring and diff detection
Black-box scanning for Laravel APIs
middleBrick is a self-service API security scanner that operates without agents or code access. You submit a URL and receive a risk score from A to F with prioritized findings. The scanner uses read-only methods (GET and HEAD) plus text-only POST for LLM probes, completing a scan in under a minute. Because it is black-box, it works with any language, framework, or cloud, including Laravel applications, without requiring framework-specific instrumentation.
Detection coverage aligned to OWASP API Top 10
middleBrick maps findings directly to OWASP API Top 10 (2023) and covers requirements of PCI-DSS 4.0 and SOC 2 Type II. For Laravel APIs, it detects items such as authentication bypasses, JWT misconfigurations including alg=none and HS256, security header issues, and IDOR patterns like sequential ID enumeration. It also flags BFLA risks, property over-exposure, CORS wildcard misconfigurations, unsafe data exposure including common PII and API key formats, SSRF indicators in URL-accepting parameters, and server fingerprinting through missing versioning.
LLM and AI security testing
The scanner includes specific checks for LLM/AI security across the Quick, Standard, and Deep tiers. For Laravel APIs exposed to AI tooling, it runs 18 adversarial probes targeting system prompt extraction, instruction override, DAN and roleplay jailbreaks, data exfiltration, cost exploitation, encoding bypasses, translation-embedded injection, few-shot poisoning, markdown injection, multi-turn manipulation, indirect prompt injection, token smuggling, tool abuse, nested instruction injection, and PII extraction. These probes help surface prompt-injection risks that may affect downstream AI integrations.
Authenticated scanning and integrations
With Starter tier and above, you can enable authenticated scanning for Laravel APIs using Bearer, API key, Basic auth, or Cookie credentials. Domain verification is required, allowing only the domain owner to scan with credentials. The scanner forwards a restricted set of headers, including Authorization, X-API-Key, Cookie, and X-Custom-*. Results integrate with multiple products: the Web Dashboard for scan management and trend tracking, the CLI via middlebrick scan <url> with JSON or text output, a GitHub Action that can fail the build when the score drops below a threshold, an MCP Server for AI coding assistants, and a programmable API for custom integrations.
Continuous monitoring and compliance reporting
Pro tier adds continuous monitoring for Laravel APIs, with scheduled rescans every 6 hours, daily, weekly, or monthly. It provides diff detection across scans to highlight new findings, resolved findings, and score drift. Alerts are sent via email at a rate-limited frequency of 1 per hour per API, and HMAC-SHA256-signed webhooks are disabled automatically after 5 consecutive failures. The scanner helps you prepare for compliance by surfacing findings relevant to PCI-DSS 4.0 and SOC 2 Type II, and it supports audit evidence for security reviews.
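Because the webhooks are HMAC-SHA256 signed, the Laravel endpoint that receives them should verify the signature before trusting the payload. The middleware below is an added example, not middleBrick's or Laravel's own code; this page does not state the header name, encoding or config key the product uses, so `X-Signature`, lowercase-hex output and `services.middlebrick.webhook_secret` are assumptions to be replaced with the documented values.

```php
<?php
// Added example (not middleBrick's or Laravel's code). Assumed: the signature arrives in
// a hypothetical "X-Signature" header as lowercase hex of HMAC-SHA256(secret, raw body).

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class VerifyScannerWebhook
{
    public function handle(Request $request, Closure $next): Response
    {
        // Assumed config key; the secret is shared with the scanner when the webhook is set up.
        $secret = config('services.middlebrick.webhook_secret');

        if (! is_string($secret) || $secret === '') {
            // Fail closed: an unsigned webhook must never be processed.
            abort(503, 'Webhook secret not configured');
        }

        // Sign the raw body, not the parsed JSON: re-encoding can change key order
        // and whitespace and would make a valid signature fail to match.
        $expected = hash_hmac('sha256', $request->getContent(), $secret);
        $provided = strtolower(trim((string) $request->header('X-Signature', '')));

        // hash_equals is constant-time, so the comparison does not leak how many
        // leading bytes of a forged signature were correct.
        if ($provided === '' || ! hash_equals($expected, $provided)) {
            abort(401, 'Invalid webhook signature');
        }

        return $next($request);
    }
}
```

Attach the middleware to the webhook route and return a 2xx promptly, because five consecutive failures (including rejected signatures) switch the webhook off.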