Migrating from 42Crunch to Wallarm

What middleBrick covers

  • Black-box scanning with no agents or SDK dependencies
  • Under-one-minute scan time with prioritized findings
  • Coverage of OWASP API Top 10 (2023) categories
  • Authenticated scans with token and cookie support
  • OpenAPI 3.x and Swagger 2.0 parsing with spec-to-runtime checks
  • CI/CD integration via GitHub Action and MCP Server

Overview of migration goals

This guide outlines how to move from a dedicated API security scanner to middleBrick as your primary API risk assessment tool. The focus is on preserving scan coverage, CI integration, and reporting fidelity while mapping existing findings to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II controls.

Data and configuration migration steps

Begin by exporting scan reports and policy configurations from your current platform. Use the middleBrick Web Dashboard to import findings where supported, or reconcile differences manually using the JSON output from the middleBrick CLI. Rebuild CI wiring by replacing existing scanner commands with middlebrick scan <url> and mapping exit codes to your pipeline gates. Note that historical scan metadata and custom test cases will not be automatically replicated; you should document and recreate high-value scenarios using the MCP Server or API client.

Feature alignment and gap awareness

middleBrick covers the same OWASP API Top 10 (2023) categories relevant to your prior setup, including authentication bypass, BOLA, BFLA, input validation, rate limiting, data exposure, and LLM/AI security probes. It supports authenticated scans with Bearer tokens, API keys, Basic auth, and cookies, and validates findings against PCI-DSS 4.0 and SOC 2 Type II control evidence. It does not perform active exploitation such as SQL injection or command injection, and business logic issues remain outside automated detection scope. Use the CLI JSON output to compare result sets and adjust thresholds to maintain parity.
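One way to do the result-set comparison and threshold gating described above, as an added example that is not middleBrick's own code. The JSON layout is an assumed schema (a top-level "score" and a "findings" list with "category", "endpoint", "method" and "severity"); both reports are constructed samples, so rename the fields to match the actual CLI output before using it.

```python
"""Compare two scanner result sets and apply a score/severity gate.

Added example, not middleBrick's own code. The JSON layout below is an
ASSUMED schema: a top-level "score" (0-100) and a "findings" list whose
entries carry "category", "endpoint", "method" and "severity".
"""
import json

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample: the legacy scanner's export (assumed schema).
OLD_REPORT = json.dumps({
    "score": 72,
    "findings": [
        {"category": "BOLA", "endpoint": "/users/{id}", "method": "GET", "severity": "high"},
        {"category": "Rate Limiting", "endpoint": "/login", "method": "POST", "severity": "medium"},
        {"category": "Data Exposure", "endpoint": "/users/{id}", "method": "GET", "severity": "low"},
    ],
})

# Constructed sample: middleBrick CLI JSON output for the same target (assumed schema).
NEW_REPORT = json.dumps({
    "score": 68,
    "findings": [
        {"category": "BOLA", "endpoint": "/users/{id}", "method": "GET", "severity": "high"},
        {"category": "Rate Limiting", "endpoint": "/login", "method": "POST", "severity": "high"},
        {"category": "BFLA", "endpoint": "/admin/users", "method": "DELETE", "severity": "critical"},
    ],
})


def finding_key(f):
    """Identity of a finding: same category on the same method + endpoint."""
    return (f["category"], f["method"].upper(), f["endpoint"])


def diff_findings(old_json, new_json):
    """Report coverage differences between two result sets."""
    old = {finding_key(f): f for f in json.loads(old_json)["findings"]}
    new = {finding_key(f): f for f in json.loads(new_json)["findings"]}
    only_old = sorted(set(old) - set(new))
    only_new = sorted(set(new) - set(old))
    # Findings both tools report but rate differently: these call for a
    # threshold decision rather than a coverage decision.
    changed = sorted(k for k in set(old) & set(new)
                     if old[k]["severity"] != new[k]["severity"])
    return {"only_old": only_old, "only_new": only_new, "severity_changed": changed}


def gate(new_json, min_score, max_severity="high"):
    """Return (passed, reasons). Fails when the score is below min_score or any
    finding exceeds the allowed severity; mirrors a build-gate decision."""
    report = json.loads(new_json)
    reasons = []
    if report["score"] < min_score:
        reasons.append(f"score {report['score']} below threshold {min_score}")
    limit = SEVERITY_RANK[max_severity]
    for f in report["findings"]:
        if SEVERITY_RANK[f["severity"]] > limit:
            reasons.append(f"{f['severity']} {f['category']} on {f['method']} {f['endpoint']}")
    return (not reasons, reasons)


if __name__ == "__main__":
    d = diff_findings(OLD_REPORT, NEW_REPORT)
    print("only in legacy scanner:", d["only_old"])
    print("only in middleBrick:", d["only_new"])
    print("severity changed:", d["severity_changed"])
    passed, reasons = gate(NEW_REPORT, min_score=70)
    print("gate passed:", passed, reasons)
    # Non-zero exit so a pipeline step can use this as a gate.
    raise SystemExit(0 if passed else 1)
```

The diff tells you which findings appear in only one tool (parity gaps to investigate) and which changed severity (threshold adjustments), while the gate shows the same threshold decision a pipeline step can make from the JSON alone.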

CI/CD integration and monitoring

Incorporate the middleBrick GitHub Action to enforce score thresholds and fail builds when risk degrades. Enable continuous monitoring in Pro to schedule rescans every 6 hours, daily, weekly, or monthly, and configure email alerts and HMAC-SHA256 signed webhooks for automated ticketing. Compare these settings with those of your previous scanner to avoid alert fatigue, and keep webhook delivery reliable by monitoring the failure threshold so that silently dropped notifications are noticed.
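A receiver for the HMAC-SHA256 signed webhooks mentioned above, as an added example that is not middleBrick's own code. The signing scheme is assumed (hex HMAC-SHA256 over the raw body, carried in an "X-Signature" header); check the header name and encoding against the dashboard's webhook settings. The event payload and secret are constructed samples.

```python
"""Verify an HMAC-SHA256 signed webhook before acting on it.

Added example, not middleBrick's own code. ASSUMED signing scheme: the
sender computes HMAC-SHA256 over the raw request body with a shared secret
and sends the hex digest in an "X-Signature" header. The header name, the
encoding and the event fields are assumptions.
"""
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-Signature"  # assumed header name


def sign(secret: bytes, body: bytes) -> str:
    """What the sender is assumed to compute; used here to build sample input."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes) -> bool:
    """True only if the signature header is present and matches the raw body."""
    # HTTP header names are case-insensitive, so match accordingly.
    provided = next((v for k, v in headers.items()
                     if k.lower() == SIGNATURE_HEADER.lower()), None)
    if not provided:
        return False
    expected = sign(secret, body)
    # compare_digest's timing depends only on the inputs' lengths, not their
    # values, unlike `==`, which stops at the first differing byte.
    return hmac.compare_digest(expected, provided.strip().lower())


def handle_webhook(secret: bytes, headers: dict, body: bytes):
    """Parse the event only after the signature checks out.
    Returns (status_code, ticket_or_None)."""
    if not verify_webhook(secret, headers, body):
        # Reject before parsing: an unverified body is untrusted input.
        return 401, None
    event = json.loads(body)
    # Assumed event fields; shape the ticket from whatever the real payload carries.
    ticket = {
        "title": f"API score dropped to {event['score']} for {event['target']}",
        "severity": "high" if event["score"] < 50 else "medium",
    }
    return 200, ticket


# Constructed sample event (assumed payload shape) and shared secret.
SECRET = b"rotate-me-example-secret"
BODY = json.dumps({"target": "https://api.example.com", "score": 41}).encode()
GOOD_HEADERS = {"Content-Type": "application/json", SIGNATURE_HEADER: sign(SECRET, BODY)}
TAMPERED_BODY = BODY.replace(b"41", b"91")

if __name__ == "__main__":
    print(handle_webhook(SECRET, GOOD_HEADERS, BODY))           # accepted
    print(handle_webhook(SECRET, GOOD_HEADERS, TAMPERED_BODY))  # body changed -> 401
    print(handle_webhook(SECRET, {}, BODY))                     # no signature -> 401
```

Verification runs over the raw bytes as received, before any JSON parsing, because re-serialising the body can change whitespace or key order and break the digest.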

Reporting, compliance, and policy management

Use the dashboard to generate branded compliance PDFs aligned to PCI-DSS 4.0 and SOC 2 Type II, and to track score trends over time. When migrating policies, translate existing rule sets to middleBrick’s 12 detection categories, and leverage the OpenAPI parser to cross-reference spec definitions against runtime findings. For frameworks outside the mapped set, describe findings as supporting audit evidence or aligning with security controls described in the relevant standard. Remember that middleBrick is a scanning tool and cannot certify compliance or replace a human pentester for high-stakes audits.
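The spec-to-runtime cross-reference described above, as an added example that is not middleBrick's OpenAPI parser. The OpenAPI 3.x document and the findings list are constructed samples, and the findings schema ("method", "endpoint", "category") is an assumption. It reports findings on operations the spec does not declare, declared operations with no findings, and authorization findings on operations the spec marks as authenticated.

```python
"""Cross-reference an OpenAPI 3.x spec against runtime scan findings.

Added example, not middleBrick's own parser. Both inputs are constructed:
a minimal OpenAPI 3.x document and a findings list in an ASSUMED schema
(entries with "method", "endpoint", "category").
"""
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed minimal spec (OpenAPI 3.x structure).
SPEC = json.dumps({
    "openapi": "3.0.3",
    "paths": {
        "/users/{id}": {
            "get": {"security": [{"bearerAuth": []}]},
            "delete": {"security": [{"bearerAuth": []}]},
        },
        "/login": {"post": {}},
        "/health": {"get": {"security": []}},
    },
})

# Constructed runtime findings (assumed schema).
FINDINGS = [
    {"method": "GET", "endpoint": "/users/{id}", "category": "BOLA"},
    {"method": "POST", "endpoint": "/login", "category": "Rate Limiting"},
    {"method": "GET", "endpoint": "/internal/debug", "category": "Data Exposure"},
]


def spec_operations(spec_json):
    """Map of (METHOD, path) -> whether the spec declares the operation as authenticated."""
    spec = json.loads(spec_json)
    ops = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS:
                # An operation-level "security" overrides the document-level one;
                # an empty list explicitly declares an unauthenticated operation.
                requires_auth = bool(op.get("security", spec.get("security", [])))
                ops[(method.upper(), path)] = requires_auth
    return ops


def cross_reference(spec_json, findings):
    """Compare declared operations with what the scan actually observed."""
    ops = spec_operations(spec_json)
    seen = {(f["method"].upper(), f["endpoint"]) for f in findings}
    undocumented = sorted(seen - set(ops))   # runtime surface missing from the spec
    unscanned = sorted(set(ops) - seen)      # declared operations with no findings
    # Authorization findings on operations the spec says are authenticated are the
    # spec-to-runtime mismatches to escalate first: the declared control is not
    # enforcing object- or function-level access.
    auth_mismatch = sorted(
        (f["method"].upper(), f["endpoint"]) for f in findings
        if f["category"] in {"BOLA", "BFLA", "Authentication"}
        and ops.get((f["method"].upper(), f["endpoint"]), False)
    )
    return {"undocumented": undocumented, "unscanned": unscanned, "auth_mismatch": auth_mismatch}


if __name__ == "__main__":
    for key, value in cross_reference(SPEC, FINDINGS).items():
        print(f"{key}: {value}")
```

"Unscanned" operations are not necessarily clean; they are the ones where the scan produced no evidence, which matters when the report is used as audit support.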

Frequently Asked Questions

Can I preserve my historical scan data during migration?
Export reports and policy definitions from your current tool and reconcile them manually in the middleBrick dashboard or via the API, as historical data is not imported automatically.
Does middleBrick support authenticated scans with CI tokens?
Yes, authenticated scans are supported with Bearer, API key, Basic auth, and cookies. Domain verification is required to ensure credential validity.
How does the GitHub Action handle failing builds?
The action fails the build when the assigned score drops below your configured threshold, using the same JSON output that the CLI produces.
Are business logic vulnerabilities detected automatically?
No. Business logic issues require domain context and are outside the scope of automated scanning.