Migrating from 42Crunch to APIsec

What middleBrick covers

  • Submit a URL and receive a risk score A–F with prioritized findings
  • Black-box scanning without agents, SDKs, or code access
  • Detect 12 OWASP API Top 10 categories plus LLM security probes
  • Parse OpenAPI 3.0/3.1 and Swagger 2.0 with $ref resolution
  • Authenticated scanning via Bearer, API key, Basic, and Cookie
  • Continuous monitoring with diff detection and scheduled rescans

Overview of migration goals

This guide focuses on moving your API security assessment practice from 42Crunch to middleBrick. It covers data export, rebuilding scan history in the dashboard, and preserving CI/CD wiring. The tone is neutral: middleBrick is a scanning tool, not an auditor, and it does not replace a full architectural review.

Data export and import considerations

42Crunch typically provides findings as JSON or CSV exports. middleBrick does not provide an automated importer; you will need to map exported fields to dashboard entries manually. Key fields to preserve include API endpoint paths, HTTP methods, detected security issues, severity levels, and any linked tickets or ticket IDs. Use the middleBrick Web Dashboard to create new scan entries and attach notes with the original source reference so historical context is not lost.
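The manual mapping step above is easier to do consistently if the export is first normalized into one record per finding, with the original source reference already written into the note text. The following Python script is an added example, not middleBrick or 42Crunch code; the CSV column names (path, method, issue, severity, ticket), the severity vocabulary and the sample rows are constructed assumptions, so check them against the header row of your real export.

```python
import csv
import io

# Constructed sample in the shape of a 42Crunch-style CSV export.
# Column names are an assumption for illustration, not a documented format.
SAMPLE_EXPORT = """path,method,issue,severity,ticket
/v1/users/{id},get,Broken object level authorization,high,SEC-101
/v1/login,POST,Missing rate limiting,medium,
/v1/admin/export,delete,Excessive data exposure,critical,SEC-118
"""

# Assumed severity vocabulary for the dashboard entries you will create by hand.
KNOWN_SEVERITIES = {"critical", "high", "medium", "low", "info"}
HTTP_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}


def normalize_finding(row: dict, source: str) -> dict:
    """Validate one exported row and build the note text that preserves provenance."""
    method = row["method"].strip().upper()
    if method not in HTTP_METHODS:
        raise ValueError(f"unknown HTTP method: {row['method']!r}")
    severity = row["severity"].strip().lower()
    if severity not in KNOWN_SEVERITIES:
        raise ValueError(f"unknown severity: {row['severity']!r}")
    ticket = (row.get("ticket") or "").strip() or None
    note = f"Imported from {source}; original severity={row['severity'].strip()}"
    if ticket:
        note += f"; linked ticket={ticket}"
    return {
        "endpoint": row["path"].strip(),
        "method": method,
        "issue": row["issue"].strip(),
        "severity": severity,
        "ticket": ticket,
        "note": note,
    }


def load_export(csv_text: str, source: str = "42Crunch export") -> list[dict]:
    """Parse a CSV export into normalized finding records, failing on malformed rows."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [normalize_finding(row, source) for row in reader]


def severity_counts(findings: list[dict]) -> dict:
    """Tally findings per severity so the recreated entries can be cross-checked."""
    counts: dict = {}
    for finding in findings:
        counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    records = load_export(SAMPLE_EXPORT)
    for record in records:
        print(f"{record['severity']:8} {record['method']:6} {record['endpoint']}  {record['note']}")
    print(severity_counts(records))
```

Rejecting rows with an unknown method or severity, rather than silently defaulting them, is deliberate: a finding that lands in the dashboard with the wrong severity is worse than one that is flagged for a human to look at before import.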

Rebuilding scan history and trends

In the middleBrick Web Dashboard you can recreate comparable scan histories by running scheduled scans on the same set of APIs over time. Use a consistent URL list and authentication setup to ensure results are comparable. The dashboard supports score trends and diff detection across scans, which helps you track which findings were introduced or resolved. Note that scan timestamps will reflect when the new scans run, so do not expect an exact point-in-time reconstruction of prior 42Crunch runs.

CI/CD and workflow integration

Recreate your CI gates using the middleBrick GitHub Action. Configure it to fail the build when the score drops below your chosen threshold. For pipeline steps that previously called 42Crunch, replace those calls with the middleBrick CLI (middlebrick scan <url>) and parse the JSON or text output. Adjust any downstream notifications to use the built-in email or Slack/Teams alerts, or use the HMAC-SHA256 signed webhooks if you require programmatic consumption.

Known gaps and limitations

Migration does not automatically carry over historical risk scoring nuances or custom rules from 42Crunch. middleBrick uses its own 12-category detection set aligned to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II, and it does not support custom vulnerability payloads or exploit validation. Business logic issues and blind SSRF remain out of scope for automated scanning. Plan for manual validation and additional testing where those classes of risk are relevant.

Frequently Asked Questions

Can I import 42Crunch findings directly into middleBrick?
No, there is no automated importer. You can export findings from 42Crunch and manually recreate scan entries in the middleBrick dashboard, mapping fields such as severity and endpoint.

Will scheduled rescans in middleBrick match my old scan schedule?
You can set rescans every 6 hours, daily, weekly, or monthly. Use the same API list and authentication tokens to keep the schedule consistent, but timestamps will reflect the new scan times.

Does middleBrick support the same authentication methods as 42Crunch?
Yes, it supports Bearer tokens, API keys, Basic auth, and cookies. For authenticated scans, domain verification is required so that only the domain owner can submit credentials.

What compliance mappings does middleBrick provide during migration?
Findings map to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II. It does not claim compliance with HIPAA, GDPR, ISO 27001, or other regulatory frameworks.

Can I automate remediation using middleBrick?
No. The tool detects and reports with remediation guidance; it does not fix, patch, block, or perform active exploitation such as SQL injection or command injection.