Migrating from APIsec to Kong
What middleBrick covers
- Black-box scanning with no agents or SDK integration
- URL submission returns an A–F risk score with prioritized findings
- Detects OWASP API Top 10 categories plus LLM security probes
- Supports authenticated scans with header allowlist controls
- OpenAPI 3.0/3.1 and Swagger 2.0 parsing with spec-to-runtime cross-check
- Pro tier continuous monitoring and signed webhook alerts
Overview of migration goals
This guide outlines the practical steps and expected gaps when moving scan definitions and schedules from APIsec to middleBrick. The focus is on preserving coverage of PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023) while rebuilding workflows in the new environment.
Exporting and importing scan definitions
Export scan configurations, target lists, and schedule settings from APIsec in a structured format such as JSON or CSV. Map each target URL to the corresponding middleBrick scan job, preserving environment tags and ownership metadata. Authentication details such as Bearer tokens, API keys, Basic credentials, and cookies must be re-entered in middleBrick authenticated scanning, and domain verification via DNS TXT record or HTTP well-known file must be completed before storing credentials.
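The mapping step above, written out as an added Python example that is not middleBrick's or APIsec's own tooling. The export field names, the set of already-verified domains and the job schema are all constructed assumptions for illustration; the one property the page fixes is that credentials are never carried across, only re-entered after domain verification, so the mapper drops them and emits a checklist item instead.

```python
import json
from urllib.parse import urlsplit

# Constructed stand-in for an APIsec export. The real export format is not
# documented on this page; the field names below are assumptions.
APISEC_EXPORT = json.dumps({
    "targets": [
        {"name": "orders-api", "url": "https://api.example.com/v1/orders",
         "env": "prod", "owner": "payments-team",
         "auth": {"type": "bearer", "token": "REDACTED-EXAMPLE"},
         "schedule": "every_6h"},
        {"name": "staging-users", "url": "http://staging.example.org/users",
         "env": "staging", "owner": "identity-team",
         "auth": {"type": "apikey", "header": "X-Api-Key",
                  "value": "REDACTED-EXAMPLE"},
         "schedule": "weekly"},
        {"name": "legacy", "url": "https://legacy.example.net/api",
         "env": "prod", "owner": "platform",
         "auth": {"type": "basic", "username": "svc", "password": "REDACTED-EXAMPLE"},
         "schedule": "daily"},
    ]
})

# Domains that already completed middleBrick verification (DNS TXT record or
# HTTP well-known file). Constructed for the example.
VERIFIED_DOMAINS = {"api.example.com", "staging.example.org"}

# Pro-tier monitoring cadences named on the page, keyed by the assumed
# APIsec schedule labels.
CADENCE_MAP = {"every_6h": "6h", "daily": "daily",
               "weekly": "weekly", "monthly": "monthly"}


def map_apisec_export(export_json, verified_domains):
    """Translate an APIsec-style export into middleBrick job definitions.

    Secrets are deliberately dropped: only the auth *type* is kept as a
    reminder that the operator must re-enter it. Returns (jobs, warnings).
    """
    data = json.loads(export_json)
    jobs, warnings = [], []
    for t in data["targets"]:
        host = urlsplit(t["url"]).hostname
        job = {
            "target": t["url"],
            # Preserve environment tag and ownership metadata.
            "tags": {"env": t["env"], "owner": t["owner"], "source": "apisec"},
            "cadence": CADENCE_MAP.get(t["schedule"]),
            # Credential to be re-entered manually; value intentionally absent.
            "auth_pending": t["auth"]["type"] if t["auth"] else None,
            "domain_verified": host in verified_domains,
        }
        if job["cadence"] is None:
            warnings.append(f"{t['name']}: unsupported schedule {t['schedule']!r}")
        if job["auth_pending"] and not job["domain_verified"]:
            warnings.append(f"{t['name']}: verify {host} before storing credentials")
        jobs.append(job)
    return jobs, warnings


if __name__ == "__main__":
    jobs, warnings = map_apisec_export(APISEC_EXPORT, VERIFIED_DOMAINS)
    print(json.dumps(jobs, indent=2))
    for w in warnings:
        print("WARNING:", w)
```

The warnings list is the useful output: any target that still needs a credential but whose domain is not yet verified is flagged before anyone tries to store a secret, and the serialized job list can be checked to confirm no token or password survived the conversion.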
Rebuilding CI/CD and monitoring integrations
Recreate CI/CD gates using the middleBrick GitHub Action, setting the same score threshold that failed builds in APIsec. Reconfigure the CLI pipeline with the equivalent middlebrick scan <url> commands, and update any scheduled jobs to use the Pro continuous monitoring cadence of every 6 hours, daily, weekly, or monthly. Redirect alert endpoints to the new email and HMAC-SHA256 signed webhook consumers, noting that a webhook is disabled after 5 consecutive delivery failures and must be re-enabled manually.
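An added Python example, not middleBrick's own code, showing the two pieces a migrated consumer needs: constant-time verification of an HMAC-SHA256 signed webhook body, and the score gate that decides pass or fail against a threshold. The page does not specify the signature header name, the exact bytes that are signed, or the payload schema, so this example assumes the hex digest is computed over the raw request body and that the payload carries a "score" letter with A as the best grade; treat those as assumptions to confirm against the product's webhook documentation.

```python
import hmac
import hashlib
import json

# Grade order assumed from the page's A-F score: A best, F worst.
GRADES = "ABCDEF"


def grade_passes(grade, threshold):
    """True when `grade` is at least as good as `threshold`."""
    return GRADES.index(grade) <= GRADES.index(threshold)


def sign(secret, body):
    """HMAC-SHA256 hex digest over the raw body (assumed signing scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret, body, signature_header):
    """Return the parsed payload if the signature matches, else None.

    compare_digest avoids leaking timing information about how many leading
    characters of the signature were correct.
    """
    expected = sign(secret, body)
    if not hmac.compare_digest(expected, signature_header or ""):
        return None
    return json.loads(body)


def evaluate_alert(secret, body, signature_header, threshold="B"):
    """Verify an alert and apply the CI-style score gate to it."""
    payload = verify_webhook(secret, body, signature_header)
    if payload is None:
        return {"accepted": False, "reason": "bad signature"}
    ok = grade_passes(payload["score"], threshold)
    return {"accepted": True,
            "gate": "pass" if ok else "fail",
            "score": payload["score"],
            "target": payload["target"]}


# Constructed sample delivery; the secret and payload are not real.
SECRET = b"example-webhook-secret"
SAMPLE_BODY = json.dumps({"target": "https://api.example.com",
                          "score": "C", "findings": 4}).encode()
SAMPLE_SIG = sign(SECRET, SAMPLE_BODY)

if __name__ == "__main__":
    print(evaluate_alert(SECRET, SAMPLE_BODY, SAMPLE_SIG, threshold="B"))
    tampered = SAMPLE_BODY.replace(b'"C"', b'"A"')
    print(evaluate_alert(SECRET, tampered, SAMPLE_SIG))
```

Because the page states a webhook is disabled after 5 consecutive failures, the HTTP handler wrapping this logic should acknowledge with a 2xx as soon as the signature verifies and queue any downstream work, so that a flaky ticketing or chat integration cannot silently switch off alerting.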
Handling scan history and compliance evidence
Historical scan findings and score trends from APIsec will not automatically transfer; rebuild tracking by exporting reports and storing them alongside middleBrick dashboard snapshots. Use the middleBrick dashboard to generate branded compliance PDFs that validate controls from PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks such as HIPAA or GDPR, use alignment language to describe how findings support audit evidence without asserting certification or compliance guarantees.
Known gaps and limitations to plan for
middleBrick does not fix, patch, block, or remediate; it detects and reports, with remediation guidance. It does not perform active SQL injection or command injection testing, does not detect business logic vulnerabilities, and does not detect blind SSRF without out-of-band infrastructure. Plan manual follow-up for logic issues, and consider pairing automated scans with periodic human reviews for high-stakes audits to cover areas outside the automated detection scope.