Migrating from APIsec to Escape

What middleBrick covers

  • Black-box scanning with no agents or SDK integration
  • 12 OWASP API Top 10 categories including LLM security probes
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • Authenticated scans with header allowlist and domain verification
  • CI/CD integration via GitHub Action and CLI
  • Continuous monitoring with diff detection and HMAC-SHA256 webhooks

Overview of migration goals

This guide outlines how to move from APIsec to middleBrick. It focuses on exporting data, rebuilding scan workflows, and aligning existing CI wiring with middleBrick capabilities. middleBrick is a scanner that reports findings; it does not fix, patch, or certify compliance.

Exporting and normalizing scan data

Extract findings from APIsec and map them to middleBrick categories aligned to OWASP API Top 10 (2023). Prioritize items by severity and exploitability. Common mappings include authentication bypass and JWT misconfigurations to middleBrick Authentication findings, and ID enumeration to BOLA. Export in JSON or CSV, then use a small transformation script to match middleBrick output fields such as category, location, and confidence.

Example transformation in Python:

import json

# Assumed helper (not defined on the original page): map an APIsec finding to a
# middleBrick category by matching keywords in its title, as described above.
def map_category(item):
    title = (item.get('title') or '').lower()
    if 'jwt' in title or 'authentication' in title:
        return 'Authentication'
    if 'enumeration' in title:
        return 'BOLA'
    return 'Unmapped'

with open('apisec_export.json') as f:
    data = json.load(f)
for item in data.get('findings', []):
    mapped = {
        'id': item.get('id'),
        'title': item.get('title'),
        'category': map_category(item),
        'location': item.get('endpoint'),
    }
    # send mapped to middleBrick import if supported
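A fuller version of the normalization step, added here as an example rather than taken from the page or from middleBrick. It accepts either a JSON or a CSV export, maps findings to OWASP API Top 10 (2023) style categories by title keywords, carries an exploitability value into the confidence field, and orders the result by severity then exploitability. The APIsec field names (findings, severity, endpoint, exploitability), the category names, and the keyword table are assumptions; the sample export is constructed.

```python
import csv
import io
import json

# Assumed: middleBrick categories named after OWASP API Top 10 (2023); the
# keyword table and the APIsec field names are illustrative, not documented.
CATEGORY_RULES = [
    (("jwt", "authentication bypass", "auth bypass"), "Authentication"),
    (("id enumeration", "object level"), "BOLA"),
    (("rate limit", "resource consumption"), "Unrestricted Resource Consumption"),
    (("ssrf",), "SSRF"),
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


def map_category(title):
    """Return the middleBrick category for an APIsec finding title."""
    lowered = (title or "").lower()
    for keywords, category in CATEGORY_RULES:
        if any(k in lowered for k in keywords):
            return category
    return "Unmapped"


def load_findings(raw, fmt):
    """Parse an APIsec export given as JSON text or CSV text."""
    if fmt == "json":
        return json.loads(raw).get("findings", [])
    if fmt == "csv":
        return list(csv.DictReader(io.StringIO(raw)))
    raise ValueError("unsupported export format: %s" % fmt)


def normalize(findings):
    """Map findings to middleBrick-style fields, ordered by severity then exploitability."""
    out = []
    for item in findings:
        severity = (item.get("severity") or "info").lower()
        try:
            exploitability = float(item.get("exploitability") or 0)
        except ValueError:
            exploitability = 0.0
        out.append({
            "id": item.get("id"),
            "title": item.get("title"),
            "category": map_category(item.get("title")),
            "location": item.get("endpoint"),
            "severity": severity,
            # Assumption: APIsec exploitability is used as middleBrick confidence.
            "confidence": exploitability,
        })
    out.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 9), -f["confidence"]))
    return out


# Constructed sample export (not real APIsec output).
SAMPLE_JSON = json.dumps({"findings": [
    {"id": "1", "title": "ID enumeration on /users/{id}", "severity": "High",
     "endpoint": "/users/{id}", "exploitability": "0.8"},
    {"id": "2", "title": "JWT signature not validated", "severity": "Critical",
     "endpoint": "/login", "exploitability": "0.9"},
    {"id": "3", "title": "Verbose error message", "severity": "Low",
     "endpoint": "/health", "exploitability": ""},
]})

SAMPLE_CSV = "id,title,severity,endpoint,exploitability\n4,Authentication bypass via header,high,/admin,0.7\n"

if __name__ == "__main__":
    merged = normalize(load_findings(SAMPLE_JSON, "json") + load_findings(SAMPLE_CSV, "csv"))
    print(json.dumps(merged, indent=2))
```

Keep the keyword table under version control alongside the export so that trend comparisons across the migration use one stable category mapping; anything that lands in "Unmapped" is a candidate for manual triage rather than a finding to drop.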

Rebuilding scan workflows and schedules

Recreate your scanning cadence using middleBrick scan modes. For external endpoints, use the CLI with middlebrick scan <url> and schedule via your existing orchestration. For authenticated coverage, provide Bearer, API key, Basic auth, or cookies and ensure domain verification via DNS TXT or HTTP well-known file. Replicate previous frequency by configuring Continuous Monitoring in Pro for daily or weekly rescans and diff detection to surface new findings or score drift.

Example CLI usage:

middlebrick scan https://api.example.com --auth-type bearer --auth-token <token>

CI/CD and alert integrations

Wire middleBrick into your pipelines using the GitHub Action to gate builds on score thresholds, or use the CLI in pre-commit and CI steps. Configure email alerts limited to 1 per hour per API, or set up HMAC-SHA256 signed webhooks with auto-disable after 5 consecutive failures. If you previously used APIsec CI hooks, replace them with these integration points and test failure behavior in a non-production environment.

Example GitHub Action snippet:

      - name: MiddleBrick Scan
        uses: middlebrick/github-action@v1
        with:
          url: ${{ secrets.TARGET_URL }}
          threshold: C
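On the receiving side of the signed webhooks mentioned above, the consumer has to verify the HMAC-SHA256 signature before acting on a delivery. The following receiver logic is an added example, not code from the page or from middleBrick: the header names, the timestamp-plus-body signing scheme, and the hex encoding are assumptions to be replaced with whatever middleBrick's webhook documentation specifies, and the sample delivery is constructed.

```python
import hashlib
import hmac
import json
import time

# Assumed header names and signing scheme (not from middleBrick's docs): a hex
# HMAC-SHA256 over "<timestamp>.<raw body>" with the shared secret, plus a
# timestamp header used to bound replay of old deliveries.
SIGNATURE_HEADER = "X-Middlebrick-Signature"
TIMESTAMP_HEADER = "X-Middlebrick-Timestamp"
MAX_SKEW_SECONDS = 300


def sign(secret, timestamp, body):
    """Compute the expected signature over the timestamp and raw body bytes."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, headers, body, now=None):
    """Return (ok, reason); constant-time compare and rejection of stale deliveries."""
    now = time.time() if now is None else now
    sig = headers.get(SIGNATURE_HEADER)
    ts = headers.get(TIMESTAMP_HEADER)
    if not sig or not ts:
        return False, "missing signature or timestamp header"
    try:
        ts_int = int(ts)
    except ValueError:
        return False, "malformed timestamp"
    if abs(now - ts_int) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed skew"
    if not hmac.compare_digest(sign(secret, ts_int, body), sig):
        return False, "signature mismatch"
    return True, "ok"


def handle_event(secret, headers, body, now=None):
    """Verify first, then parse the JSON payload; return None on any failure."""
    ok, _reason = verify_webhook(secret, headers, body, now)
    if not ok:
        return None
    return json.loads(body)


# Constructed sample delivery (not real middleBrick output).
SECRET = "example-shared-secret"
EVENT = {"event": "scan.completed", "api": "api.example.com", "score": "B", "new_findings": 2}
BODY = json.dumps(EVENT, separators=(",", ":")).encode()
NOW = 1_700_000_000
GOOD_HEADERS = {TIMESTAMP_HEADER: str(NOW), SIGNATURE_HEADER: sign(SECRET, NOW, BODY)}

if __name__ == "__main__":
    print(verify_webhook(SECRET, GOOD_HEADERS, BODY, now=NOW))
    print(handle_event(SECRET, GOOD_HEADERS, BODY, now=NOW))
```

Verify over the raw request bytes before any JSON parsing, and log the rejection reason without the body: a run of rejected deliveries is the same signal the auto-disable-after-5-failures behaviour keys on, so it is worth alerting on from your side as well.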

Known gaps and planning considerations

middleBrick does not perform active SQL injection or command injection, does not detect business logic vulnerabilities, and does not replace a human pentester for high-stakes audits. If APIsec provided coverage for these areas, plan manual validation or complementary tooling. Use middleBrick for continuous OWASP API Top 10 monitoring and to surface findings relevant to SOC 2 Type II and PCI-DSS 4.0 controls, but do not rely on it to certify or ensure compliance with any regulatory framework.

Maintain a separate process for logic flaws and blind SSRF where out-of-band infrastructure is required. Track migrated scan history by correlating external identifiers such as endpoint paths and severity to preserve trend analysis across tools.

Frequently Asked Questions

Can I import APIsec findings directly into middleBrick?
middleBrick does not have a direct APIsec import. Export findings from APIsec, map them to middleBrick categories, and use the dashboard or API to ingest normalized data.
Will my existing CI pipelines break after migration?
They will need updates to use middleBrick CLI or GitHub Action and to align severity thresholds. Test pipelines in a branch before promoting to production.
Does middleBrick provide compliance reports for HIPAA or GDPR?
middleBrick surfaces findings relevant to SOC 2 Type II and PCI-DSS 4.0 controls and helps you prepare for audits. It does not certify compliance with HIPAA, GDPR, or other regulations.
Can authenticated scans cover all my APIs?
Authenticated scanning in Starter and above supports Bearer, API key, Basic auth, and cookies. You must complete domain verification for credentials to be accepted.
How are scan results compared over time?
Pro tier continuous monitoring provides diff detection across scans to highlight new findings, resolved findings, and score drift. Historical data is retained for trend analysis.