Is Noname Security worth it?

What middleBrick covers

  • Black-box scanning with under-one-minute results
  • 12 OWASP API Top 10 (2023) categories plus LLM probes
  • Authenticated scanning with strict header allowlist
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with ref resolution
  • Continuous monitoring with diff and alerting
  • CI/CD integration via GitHub Action and MCP Server

Scope and testing approach

The scanner is a black-box solution that requires no agents, SDKs, or code access. You submit an API endpoint URL and receive a risk score from A to F with prioritized findings in under a minute. It supports read-only methods (GET and HEAD) and text-only POST for LLM probes, so it applies to any language, framework, or cloud target without instrumentation.

Detection coverage and compliance mapping

The scanner evaluates 12 categories aligned to the OWASP API Top 10 (2023) and maps findings to PCI-DSS 4.0 and SOC 2 Type II controls. Detection capabilities include authentication bypass and JWT misconfigurations; broken object level authorization (BOLA) via sequential ID probing; broken function level authorization (BFLA) through admin endpoint discovery; over-exposed properties and mass assignment surfaces; CORS wildcard and dangerous HTTP method issues; absent rate-limit headers and oversized responses; exposure of PII and API key patterns; missing encryption protections; SSRF indicators in URL-accepting parameters; and inventory issues such as missing versioning. For LLM-specific risks, it runs 18 adversarial probes across Quick, Standard, and Deep tiers covering system prompt extraction, instruction override, data exfiltration, jailbreak techniques, token smuggling, and multi-turn manipulation.

Authenticated scanning and safety constraints

Authenticated scanning is available in the Starter tier and above, supporting Bearer, API key, Basic auth, and Cookie credentials. Domain verification is enforced through DNS TXT records or an HTTP well-known file, so only the domain owner can scan with credentials. The scanner forwards only a strict allowlist of headers (Authorization, X-API-Key, Cookie, and X-Custom-*) and uses only read-only methods. Destructive payloads are never sent, and private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers. Customer data is deletable on demand and purged within 30 days of cancellation.
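The two safety constraints described above (a strict allowlist of forwarded headers and refusal to touch private, loopback, link-local, or cloud metadata addresses) can be implemented as pre-flight guards on the scanner side. The following is an added illustration, not middleBrick's own code; the header patterns come from the page, while the metadata hostnames, the resolver hook, and the function names are assumptions.

```python
"""Pre-flight guards for a credentialed, read-only API scanner (added example)."""
import ipaddress
import socket
from fnmatch import fnmatch
from urllib.parse import urlparse

# The only header names forwarded to the target (case-insensitive matching).
HEADER_ALLOWLIST = ("Authorization", "X-API-Key", "Cookie", "X-Custom-*")

# Assumed cloud metadata names/addresses; the page names none explicitly.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata"}


def filter_headers(headers: dict) -> dict:
    """Drop every header that is not on the allowlist (Host, X-Forwarded-For, ...)."""
    return {
        name: value
        for name, value in headers.items()
        if any(fnmatch(name.lower(), pat.lower()) for pat in HEADER_ALLOWLIST)
    }


def _resolve(host: str) -> set:
    """Default resolver: every address the name resolves to (hypothetical helper)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_target(url: str, resolve=_resolve) -> bool:
    """Return True only if every address behind `url` is a public, routable one."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    host = parsed.hostname.lower()
    # Layer 1: reject by name before any lookup happens.
    if host == "localhost" or host.endswith(".localhost") or host in METADATA_HOSTS:
        return False
    try:
        addrs = {ipaddress.ip_address(host)}  # literal IP, no DNS needed
    except ValueError:
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
    # Layer 2: check every resolved address, so a public name that points
    # at an internal address is refused as well.
    for addr in addrs:
        mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
        addr = mapped or addr
        if (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified):
            return False
    return True
```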

Product usage and integration options

The Web Dashboard centralizes scans, report viewing, score trend tracking, and branded compliance PDF downloads. The CLI package middlebrick provides terminal scanning with JSON or text output. A GitHub Action can gate CI/CD, failing the build when the score drops below a set threshold. An MCP Server enables scanning from AI coding assistants, and a programmable API supports custom integrations. Continuous monitoring in the Pro tier offers scheduled rescans, diff detection for new or resolved findings, email alerts at a rate-limited cadence, and HMAC-SHA256 signed webhooks with auto-disable after repeated failures.

Limitations and realistic expectations

middleBrick is a scanner that detects and reports; it does not fix, patch, block, or remediate findings. It does not perform active SQL injection or command injection testing, which falls outside its read-only design. Business logic vulnerabilities require domain expertise and are out of scope, and blind SSRF relying on out-of-band infrastructure cannot be detected. The tool should not replace a human pentester for high-stakes audits, and it does not certify compliance with HIPAA, GDPR, ISO 27001, NIST, or other regulatory frameworks.

Frequently Asked Questions

Who is this scanner worth it for?
It is worth it for teams that need frequent, standardized API exposure assessments without code access, especially those validating OWASP API Top 10 coverage and PCI-DSS or SOC 2 mapping. It is less suitable for organizations that require active exploitation or business logic testing.
Does it replace a human pentester?
No. It surfaces common misconfigurations and standard vulnerabilities at scale, but it cannot reason about complex business workflows or nuanced attack paths that a human pentester evaluates.
Can authenticated scans be run safely with credentials?
Yes, authenticated scanning is supported with domain verification to confirm control, and only a restricted header set is forwarded to minimize risk.
How are compliance requirements addressed?
Findings map to PCI-DSS 4.0 and SOC 2 Type II controls and support evidence collection for OWASP API Top 10 (2023). The tool does not claim certification or compliance for other regulations.