Migrating from 42Crunch to Protect AI

What middleBrick covers

  • Black-box scanning with no agents or SDK dependencies
  • Under-one-minute scan time with prioritized findings
  • OWASP API Top 10 aligned detection across 12 categories
  • OpenAPI 3.x and Swagger 2.0 spec parsing with $ref resolution
  • Authenticated scans with header allowlist and domain verification
  • CI/CD integration via GitHub Action and programmatic API

Overview of migration goals

This guide outlines how to move from an existing API security scanning approach to using a self-service scanner that requires no agents, SDKs, or code access. The focus is on preserving scan coverage, CI integrations, and operational data while understanding the differences in deployment model and scope.

Mapping detection coverage and compliance framing

The scanner evaluates APIs against 12 security categories aligned to the OWASP API Top 10 (2023) and maps findings to PCI-DSS 4.0 and SOC 2 Type II controls. For other frameworks, it helps you prepare by relating findings to the security controls those frameworks describe, supporting audit evidence without asserting certification or compliance.

Detection areas include authentication bypass, JWT misconfigurations, authorization flaws (BOLA, BFLA, property exposure), input validation issues, rate limiting, data exposure, encryption misconfigurations, SSRF, inventory risks, unsafe consumption patterns, and LLM/AI security probes. The tool does not perform active injection testing or business logic assessments, which remain outside its scope.

Scan mechanics and environment interaction

Scans are black-box and complete in under a minute, using read-only methods such as GET and HEAD, plus text-only POST requests for the LLM probes. Before an authenticated scan, the scanner verifies that you own the target domain via a DNS TXT record or an HTTP well-known file, so that credentials, where a scan needs them, can only be submitted by the domain owner.

Authenticated scans support Bearer, API key, Basic auth, and cookies, with a strict allowlist of headers. Only OpenAPI 3.0, 3.1, and Swagger 2.0 specifications are parsed, with recursive $ref resolution and cross-referencing against runtime behavior to highlight undefined security schemes or deprecated paths.
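The spec-side part of that cross-referencing can be illustrated with a small resolver. The following is an added example, not middleBrick's code: it resolves local $ref pointers in a constructed OpenAPI 3.0 document and then lists operations that name a security scheme missing from components.securitySchemes, that explicitly disable security, or that are marked deprecated. The sample spec and the finding wording are constructed for illustration.

```python
"""Resolve local $ref pointers in an OpenAPI 3.x document and flag
operations whose security requirements name a scheme that is not
defined under components.securitySchemes.

Added example; not middleBrick's code. The spec below is constructed
for illustration, and only local (same-document) refs are handled."""
import copy
from typing import Any

# Constructed sample spec: GET /users/{id} references an undefined
# scheme ("legacyKey"), DELETE is deprecated, /health disables security.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {
        "securitySchemes": {
            "bearerAuth": {"type": "http", "scheme": "bearer"},
        },
        "parameters": {
            "UserId": {"name": "id", "in": "path", "required": True,
                       "schema": {"$ref": "#/components/schemas/Id"}},
        },
        "schemas": {"Id": {"type": "integer"}},
    },
    "security": [{"bearerAuth": []}],
    "paths": {
        "/users/{id}": {
            "get": {
                "parameters": [{"$ref": "#/components/parameters/UserId"}],
                "security": [{"legacyKey": []}],
            },
            "delete": {
                "parameters": [{"$ref": "#/components/parameters/UserId"}],
                "deprecated": True,
            },
        },
        "/health": {"get": {"security": []}},
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def _lookup(doc: dict, pointer: str) -> Any:
    """Follow a local JSON pointer such as '#/components/schemas/Id'."""
    if not pointer.startswith("#/"):
        raise ValueError(f"only local refs are supported: {pointer}")
    node = doc
    for part in pointer[2:].split("/"):
        part = part.replace("~1", "/").replace("~0", "~")  # RFC 6901 unescape
        node = node[part]
    return node


def _resolve(doc: dict, node: Any, seen: tuple) -> Any:
    """Recursively replace {"$ref": ...} objects with copies of their
    targets. 'seen' holds the pointer chain so a self-referential schema
    raises instead of recursing forever."""
    if isinstance(node, dict):
        if "$ref" in node:
            ref = node["$ref"]
            if ref in seen:
                raise ValueError("circular $ref: " + " -> ".join(seen + (ref,)))
            return _resolve(doc, copy.deepcopy(_lookup(doc, ref)), seen + (ref,))
        return {k: _resolve(doc, v, seen) for k, v in node.items()}
    if isinstance(node, list):
        return [_resolve(doc, v, seen) for v in node]
    return node


def resolve_refs(doc: dict) -> dict:
    """Return a fully dereferenced copy of the document."""
    return _resolve(doc, doc, ())


def audit_security(doc: dict) -> list:
    """Return human-readable findings for undefined schemes, operations
    that switch security off, and deprecated operations still in the spec."""
    spec = resolve_refs(doc)
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            label = f"{method.upper()} {path}"
            # an operation-level 'security' overrides the global list
            reqs = op.get("security", spec.get("security", []))
            if reqs == []:
                findings.append(f"{label}: security explicitly disabled")
            for req in reqs:
                for scheme in req:
                    if scheme not in defined:
                        findings.append(f"{label}: undefined security scheme '{scheme}'")
            if op.get("deprecated"):
                findings.append(f"{label}: deprecated operation declared in spec")
    return findings


if __name__ == "__main__":
    for line in audit_security(SAMPLE_SPEC):
        print(line)
```

Remote refs (other files or URLs) are deliberately rejected here; a production resolver would fetch them only from an allowlisted location, since a $ref to an arbitrary URL is itself a request the scanner would be making on the user's behalf.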

Operational integrations and workflow preservation

The platform provides a web dashboard for reviewing scans and tracking score trends, with downloadable compliance reports. A CLI enables local execution using a command such as middlebrick scan <url>, outputting structured JSON or text for integration into existing tooling.

CI/CD workflows can use the GitHub Action as a gate that fails the build when scores drop below a defined threshold. For automated pipelines, an API client allows custom integrations, and the MCP Server supports scanning from AI-assisted coding tools. Continuous monitoring (Pro tier) adds scheduled rescans, diff detection, and email or webhook alerts with rate limiting and HMAC-SHA256 signatures.
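On the receiving side of those alerts, the signature is only useful if the webhook handler checks it before parsing the payload. The following is an added example, not middleBrick's code: the page does not document the header names, the signed-string layout, or the secret-distribution step, so the X-Webhook-Timestamp and X-Webhook-Signature headers, the "timestamp.body" layout, and the secret are assumptions chosen for illustration. The example also rejects deliveries outside a freshness window, which a bare HMAC check does not cover.

```python
"""Verify an HMAC-SHA256 signature on an incoming webhook delivery.

Added example, not middleBrick's code. Header names, the signed-string
layout (timestamp + '.' + body) and the secret are assumptions; replace
them with the values documented for your sender."""
import hashlib
import hmac
import json
import time

# Constructed shared secret; in practice this is issued by the sender and
# kept in the receiver's secret manager, never in source.
WEBHOOK_SECRET = b"example-shared-secret"
MAX_SKEW_SECONDS = 300  # deliveries older than five minutes are rejected


def sign(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    """Hex HMAC-SHA256 over 'timestamp.body' (assumed layout). Binding the
    timestamp into the MAC means an attacker cannot re-send an old body
    with a fresh timestamp."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(headers: dict, body: bytes, now: int = None,
           secret: bytes = WEBHOOK_SECRET) -> bool:
    """True only if the timestamp is fresh and the signature matches."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers["X-Webhook-Timestamp"])  # assumed header name
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated: treat as a replay
    given = headers.get("X-Webhook-Signature", "")  # assumed header name
    expected = sign(body, ts, secret)
    # constant-time comparison; byte-encode so arbitrary input cannot
    # make compare_digest raise on non-ASCII text
    return hmac.compare_digest(given.encode(), expected.encode())


def handle(headers: dict, body: bytes, now: int = None):
    """Parse the alert only after verification; returns the event or None."""
    if not verify(headers, body, now):
        return None
    return json.loads(body)


# Constructed sample delivery, signed with the sample secret
SAMPLE_BODY = json.dumps(
    {"event": "score_drop", "scan_id": "example-123", "score": 71}).encode()
SAMPLE_TS = 1_700_000_000
SAMPLE_HEADERS = {
    "X-Webhook-Timestamp": str(SAMPLE_TS),
    "X-Webhook-Signature": sign(SAMPLE_BODY, SAMPLE_TS),
}

if __name__ == "__main__":
    print(handle(SAMPLE_HEADERS, SAMPLE_BODY, now=SAMPLE_TS + 5))
```

The body must be verified as the raw bytes received, not after a JSON round-trip: re-serialising can reorder keys or change whitespace and invalidate a correct signature.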

Data handling, privacy, and known gaps

Scan data is deletable on demand and purged within 30 days of account cancellation. No customer data is sold or used for model training. The scanner blocks private IPs, localhost, and cloud metadata endpoints at multiple layers and only uses read-only methods, ensuring no destructive payloads are transmitted.
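A target check of the kind described above has to look at where a hostname actually resolves, not just at the URL text. The following is an added example, not middleBrick's code, and the page does not describe how its own layers are implemented: it rejects scan targets whose scheme is not HTTP(S), whose hostname is a known local or metadata name, or any of whose resolved addresses is private, loopback, link-local, or a cloud metadata endpoint. The resolver is injectable so the check runs offline; the metadata address list and the sample URLs are constructed for illustration.

```python
"""Reject scan targets that point at private, loopback, link-local or
cloud-metadata addresses, judging every address the name resolves to.

Added example, not middleBrick's code. The resolver is injectable so the
check can be exercised without DNS; the metadata addresses listed are
well-known instance-metadata endpoints."""
import ipaddress
import socket
from urllib.parse import urlsplit

METADATA_ADDRESSES = {
    ipaddress.ip_address("169.254.169.254"),  # AWS / Azure / GCP IMDS
    ipaddress.ip_address("fd00:ec2::254"),     # AWS IMDS over IPv6
    ipaddress.ip_address("100.100.100.200"),   # Alibaba Cloud metadata
}
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


def is_blocked_address(addr: str) -> bool:
    """True for any address a scanner must never connect to."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return (ip in METADATA_ADDRESSES or ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_multicast or ip.is_reserved
            or ip.is_unspecified)


def _is_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def system_resolver(host: str) -> list:
    """Default resolver: every A/AAAA answer, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_target(url: str, resolver=system_resolver) -> tuple:
    """Return (allowed, reason). Every resolved address must pass, which
    defeats DNS answers that mix a public and a private address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "missing host"
    if host in BLOCKED_HOSTNAMES:
        return False, f"blocked hostname: {host}"
    try:
        addrs = [host] if _is_literal(host) else resolver(host)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, f"{host} did not resolve"
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # constructed sample targets; the public address is a literal so no
    # DNS lookup is needed to run this file
    for url in ("http://93.184.216.34/", "http://localhost:8080/",
                "http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:127.0.0.1]/", "ftp://example.test/"):
        print(url, check_target(url))
```

Run the same check on every redirect Location before following it, and connect to the address that passed the check rather than re-resolving the name, so that a second DNS answer cannot swap in a private address between the check and the connection.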

Note that the tool does not fix or remediate findings, does not detect blind SSRF or business logic issues, and does not perform intrusive injection testing. A person familiar with your domain is still required for deep security reviews and to validate contextual risks.

Frequently Asked Questions

Can I preserve my existing scan history and CI wiring during migration?
You can rebuild workflows using the CLI and API, mapping previous CI gates to equivalent thresholds. Historical scan data must be exported and stored independently, as the platform does not ingest external scan archives.
How are compliance mappings handled for frameworks outside the core list?
For regulations not explicitly covered, the scanner surfaces findings relevant to security controls and helps you prepare evidence. It does not claim certified or guaranteed compliance with any specific framework.
What authentication methods are supported for authenticated scans?
Bearer tokens, API keys, Basic auth, and cookies are supported, provided the domain ownership verification is completed via DNS or file-based validation.
Does the scanner perform active exploitation or intrusive testing?
No. The scanner relies on read-only methods and passive checks. It does not execute active SQL injection, command injection, or blind SSRF tests that require out-of-band infrastructure.