Migrating from APIsec to Intruder

What middleBrick covers

  • Black-box scanning with no agents or code access required
  • Risk scoring from A to F with prioritized findings
  • Detection aligned to OWASP API Top 10 (2023), PCI-DSS 4.0, SOC 2
  • CLI and API for automation and custom integrations
  • Authenticated scans with header allowlist controls
  • Continuous monitoring with scheduled rescans and alerts

Overview of migration from APIsec to middleBrick

This guide outlines how to move from APIsec to middleBrick while preserving scan discipline and CI workflows. middleBrick is a self-service API security scanner: you submit a URL and it returns a risk score with prioritized findings. It performs black-box scanning using read-only methods and requires no agents or code access. Findings are mapped to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023).

Data and configuration migration

Migrate scan configurations by exporting filters and target lists from APIsec and normalizing them into middleBrick inputs. Recreate authorization schemes (Bearer tokens, API keys, Basic auth, and cookies) in the middleBrick dashboard or via its API client. Complete domain verification, either through a DNS TXT record or an HTTP well-known file, before running authenticated scans, since scanning with credentials requires it. Only an allowlist of headers is forwarded to the target: Authorization, X-API-Key, Cookie, and X-Custom-*; any other header in your exported configuration will not reach the API.
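To see which headers from an exported configuration will actually be forwarded, here is an added example (not middleBrick's own code) that applies the allowlist above to a constructed APIsec-style header export; the export format, case-insensitive name matching, and the rejection of a bare "X-Custom-" name are assumptions.

```python
# Added example: partition exported request headers into those middleBrick forwards
# (Authorization, X-API-Key, Cookie, X-Custom-*) and those it drops, so that
# authentication that depends on a non-allowlisted header is caught before the
# first authenticated scan rather than showing up as a silent 401.
from typing import Dict, Tuple

EXACT_ALLOWLIST = {"authorization", "x-api-key", "cookie"}
PREFIX_ALLOWLIST = ("x-custom-",)


def is_forwarded(name: str) -> bool:
    """True if a header with this name is on the forwarding allowlist.

    HTTP header names are case-insensitive, so matching is done in lower case
    (assumption: middleBrick matches the same way).
    """
    lowered = name.strip().lower()
    if lowered in EXACT_ALLOWLIST:
        return True
    # Assumption: a bare "X-Custom-" with no suffix is not a usable header name.
    return any(lowered.startswith(p) and len(lowered) > len(p) for p in PREFIX_ALLOWLIST)


def split_headers(headers: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Partition an exported header map into (forwarded, dropped)."""
    forwarded: Dict[str, str] = {}
    dropped: Dict[str, str] = {}
    for name, value in headers.items():
        (forwarded if is_forwarded(name) else dropped)[name] = value
    return forwarded, dropped


# Constructed sample of a per-target auth profile as an APIsec export might hold it.
SAMPLE_EXPORT = {
    "Authorization": "Bearer <token-placeholder>",
    "x-api-key": "<key-placeholder>",
    "X-Custom-Tenant": "acme",
    "X-Tenant-ID": "acme",        # not allowlisted: would never reach the API
    "Cookie": "session=<placeholder>",
    "X-Custom-": "empty-suffix",  # malformed custom header name
}

if __name__ == "__main__":
    fwd, drop = split_headers(SAMPLE_EXPORT)
    for name in drop:
        print(f"WARNING: {name!r} will not be forwarded; move it to an allowlisted header")
    print("forwarded:", sorted(fwd))
```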

CI/CD and workflow integration

Reconnect CI pipelines by replacing APIsec CLI calls with the middleBrick CLI (middlebrick scan <url>) and configuring JSON output for parsing. Use the GitHub Action to gate builds when the score drops below your chosen threshold, or leverage the MCP Server to run scans from AI coding assistants. For ongoing monitoring, enable scheduled rescans and configure email or Slack alerts with rate-limited notifications.

Scan coverage and limitations

Expect differences in detection scope: middleBrick covers the OWASP API Top 10 (2023) and related security headers, while APIsec may have focused on different checks. middleBrick does not perform active SQL injection or command injection testing, does not detect business logic vulnerabilities or blind SSRF, and does not replace a human pentester for high-stakes audits. It provides remediation guidance only; it does not apply fixes.

Reporting and compliance mapping

Rebuild report consumption habits using the web dashboard for scanned assets, score trends, and downloadable compliance PDFs. middleBrick surfaces findings relevant to SOC 2 Type II and helps you prepare for audits aligned with PCI-DSS 4.0 and OWASP API Top 10 (2023). Note that the tool is a scanner, not an auditor, and cannot certify compliance.

Frequently Asked Questions

Can I import my APIsec scan history into middleBrick?
Historical scan data from APIsec cannot be directly imported, but you can rebuild tracking by re-scanning assets and using the dashboard to monitor score trends over time.
What authentication methods does middleBrick support?
It supports Bearer tokens, API keys, Basic auth, and cookies. Authentication can only be used after domain ownership is verified via DNS or a well-known file.
Does middleBrick integrate with CI/CD pipelines?
Yes, via the GitHub Action, which can fail builds based on score thresholds, and through the CLI for custom pipeline integration.
Is middleBrick suitable for compliance certification?
The tool helps you prepare for audits and aligns with security controls described in PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10, but it does not certify compliance.
What happens to my scan data if I cancel?
Customer data is deletable on demand and purged within 30 days of cancellation. Data is never sold or used for model training.