Migrating from APIsec to middleBrick

What middleBrick covers

  • Black-box scanning without agents or SDK dependencies
  • Under-one-minute scan turnaround for rapid feedback
  • Authentication support for Bearer, API key, Basic, and cookies
  • OWASP API Top 10 (2023), PCI-DSS 4.0, SOC 2 Type II mapping
  • CI/CD integration via GitHub Action with configurable score gates
  • Continuous monitoring with diff detection and HMAC-SHA256 webhooks

Exporting findings and configuration from APIsec

Begin by extracting your existing data from APIsec so nothing is lost during the transition. Check whether your APIsec deployment offers a full export through the web dashboard or its API, and prefer an export that produces JSON or CSV for scan records together with configuration templates that include custom headers and authentication schemes. If no bulk export is available, script the collection of scan IDs, timestamps, and result summaries against the APIsec API and archive the raw responses unchanged, with the date of capture, so you can return to them later. Also capture any custom severity or tag mappings you rely on so that you can recreate equivalent groupings in middleBrick.

Rebuilding scan history in middleBrick

Convert your archived findings into a format you can compare against future middleBrick scans. Reduce the export to a lightweight inventory that lists each endpoint, its authentication method, the original risk score, and the finding names. Use this inventory as a baseline when you run your first middleBrick scans, mapping each finding by hand to the nearest middleBrick category, such as authentication bypass, IDOR, or data exposure. Scan histories are not merged automatically, so keep a time-stamped record of the original reports; that record is what lets you track remediation progress across the migration.
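As an added example, not part of the original guide and not middleBrick's own tooling, the following Python script builds such a baseline inventory from an archived export and diffs it against a later middleBrick result. Both sample documents are constructed, and every field name in them (scans, findings, endpoint, auth, name, severity, category, score) is an assumption; substitute the fields your real exports use. The keyword rules that turn APIsec finding names into categories are also illustrative and are the place to encode your own mapping.

```python
"""Build a baseline inventory from an archived APIsec export and diff it
against a later middleBrick scan result.

Added example: the field names in both documents below are assumptions,
not the real export schemas. Adjust them to match your files."""
import json
import re
from collections import defaultdict

# Constructed sample of an archived APIsec export (schema assumed).
APISEC_EXPORT = json.loads("""
{
  "scans": [
    {"id": "scan-101", "timestamp": "2024-03-01T10:00:00Z",
     "findings": [
       {"endpoint": "GET /users/{id}", "auth": "bearer", "severity": "high",
        "name": "Broken Object Level Authorization on user id"},
       {"endpoint": "POST /login", "auth": "none", "severity": "medium",
        "name": "Verbose error message discloses stack trace"},
       {"endpoint": "GET /admin/export", "auth": "api_key", "severity": "high",
        "name": "Missing authentication on admin endpoint"}
     ]}
  ]
}
""")

# Constructed sample of a later middleBrick JSON result (schema assumed).
MIDDLEBRICK_RESULT = json.loads("""
{
  "target": "https://api.example.com/openapi.json",
  "score": 72,
  "findings": [
    {"endpoint": "GET /users/{id}", "category": "idor", "severity": "high"},
    {"endpoint": "GET /health", "category": "data_exposure", "severity": "low"}
  ]
}
""")

# Keyword rules mapping free-text APIsec finding names to coarse categories.
# Order matters: the first matching rule wins.
CATEGORY_RULES = [
    (r"object level|idor|insecure direct", "idor"),
    (r"missing auth|unauthenticated|authentication bypass", "auth_bypass"),
    (r"disclos|exposure|leak|verbose", "data_exposure"),
]


def map_category(name: str) -> str:
    """Map a finding name to a category; 'unmapped' when no rule matches."""
    lowered = name.lower()
    for pattern, category in CATEGORY_RULES:
        if re.search(pattern, lowered):
            return category
    return "unmapped"


def build_inventory(export: dict) -> dict:
    """Return {(endpoint, category): details} so later scans can be diffed
    by endpoint and category rather than by the exact finding title."""
    inventory = {}
    for scan in export["scans"]:
        for f in scan["findings"]:
            key = (f["endpoint"], map_category(f["name"]))
            inventory[key] = {
                "auth": f["auth"],
                "severity": f["severity"],
                "original_name": f["name"],
                "first_seen": scan["timestamp"],
                "source_scan": scan["id"],
            }
    return inventory


def compare(baseline: dict, result: dict) -> dict:
    """Classify findings as fixed (baseline only), still_open (in both) or
    new (middleBrick only). Keys only appear when their list is non-empty."""
    current = {(f["endpoint"], f["category"]) for f in result["findings"]}
    status = defaultdict(list)
    for key in baseline:
        status["still_open" if key in current else "fixed"].append(key)
    for key in current - set(baseline):
        status["new"].append(key)
    return {k: sorted(v) for k, v in status.items()}


if __name__ == "__main__":
    baseline = build_inventory(APISEC_EXPORT)
    print(json.dumps({k: [list(t) for t in v]
                      for k, v in compare(baseline, MIDDLEBRICK_RESULT).items()},
                     indent=2))
```

Keying the inventory on (endpoint, category) rather than on the finding title is deliberate: the two tools name the same weakness differently, so a title-based diff would report every old finding as fixed and every new one as new. Review the "unmapped" entries after the first run and extend the rules until none remain.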

Keeping CI wired up during cutover

To avoid breaking deployments, run both tools in parallel for one sprint before switching gates. In your CI pipeline, add a temporary step that calls the middleBrick CLI against the same URL APIsec scans, writing JSON so the two result sets can be compared. During the parallel sprint, leave the APIsec gate as the blocking check and run middleBrick as an informational step that cannot fail the build. Only after you have confirmed that middleBrick's findings match your risk tolerance should you use the GitHub Action to enforce a score threshold; at that point demote the APIsec gate to informational, and once middleBrick produces consistent, stable results, remove the old integration so the pipeline relies solely on middleBrick.

For the CLI, a minimal example is:

middlebrick scan https://api.example.com/openapi.json --output json
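The following gate script is added here as an example; it is not part of middleBrick's GitHub Action or CLI. It reads the JSON written by the CLI command above (redirect the output to a file such as middlebrick.json; the score and findings fields, and the severity names, are assumptions about that JSON) and implements the two modes described: informational during the parallel sprint, where failures are only annotated, and enforce after cutover, where they fail the job. The ::warning:: and ::error:: lines are GitHub Actions workflow commands that annotate the run.

```python
"""Score gate for the parallel-run period and for cutover.

Added example, not middleBrick's own action. The 'score' and 'findings'
fields and the severity names are assumptions about the CLI's JSON output."""
import argparse
import json
import sys
from typing import List, Tuple

# Constructed sample of middleBrick JSON output (schema assumed).
SAMPLE_RESULT = {
    "target": "https://api.example.com/openapi.json",
    "score": 68,
    "findings": [
        {"endpoint": "GET /users/{id}", "category": "idor", "severity": "high"},
        {"endpoint": "GET /health", "category": "data_exposure", "severity": "low"},
    ],
}

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


def evaluate(result: dict, min_score: int,
             block_severity: str = "high") -> Tuple[bool, List[str]]:
    """Return (passed, reasons). Fails on a score below the threshold or on
    any finding at or above block_severity, so a single high finding cannot
    hide behind an otherwise acceptable aggregate score."""
    reasons = []
    if result["score"] < min_score:
        reasons.append(f"score {result['score']} below threshold {min_score}")
    floor = SEVERITY_RANK[block_severity]
    for f in result["findings"]:
        if SEVERITY_RANK.get(f["severity"], 0) >= floor:
            reasons.append(
                f"{f['severity']} finding: {f['category']} on {f['endpoint']}")
    return (not reasons, reasons)


def exit_code(passed: bool, mode: str) -> int:
    """informational: never block the build; enforce: block on failure."""
    if passed or mode == "informational":
        return 0
    return 1


def main(argv=None) -> int:
    parser = argparse.ArgumentParser()
    parser.add_argument("report",
                        help="JSON written by 'middlebrick scan ... --output json'")
    parser.add_argument("--min-score", type=int, default=80)
    parser.add_argument("--mode", choices=["informational", "enforce"],
                        default="informational")
    args = parser.parse_args(argv)
    with open(args.report) as fh:
        result = json.load(fh)
    passed, reasons = evaluate(result, args.min_score)
    level = "warning" if args.mode == "informational" else "error"
    for r in reasons:
        # GitHub Actions workflow command: shows up as an annotation on the run.
        print(f"::{level}::{r}")
    return exit_code(passed, args.mode)


if __name__ == "__main__":
    sys.exit(main())
```

Call it from a run: step as python gate.py middlebrick.json --min-score 80 --mode informational during the parallel sprint, and change --mode to enforce when you cut over. Keeping the mode as a flag rather than editing the script means the switch is a one-line pipeline change that is easy to review and to revert.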

What you will miss and how to compensate

APIsec may include features that middleBrick does not replicate, such as active exploit attempts or deep business logic checks. middleBrick focuses on detection through read-only methods: it does not send intrusive payloads such as SQL injection or command injection strings, nor does it test blind SSRF through out-of-band channels. It also does not replace a human pentester for complex business logic or advanced infrastructure abuse. Compensate by documenting these boundaries in your secure development policy and by scheduling periodic manual reviews of high-risk surfaces that require contextual understanding.

What you will gain and next steps

After migration, you gain a scanner that operates without agents or SDKs, completes scans in under a minute, and maps findings to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II controls. The platform supports authenticated scans with Bearer, API key, Basic auth, and cookies, and it blocks unsafe targets such as localhost and private IP ranges by design. Your next steps are to onboard critical APIs first, define a score threshold in the GitHub Action, and enable Pro-tier continuous monitoring for scheduled rescans and HMAC-SHA256 signed webhooks. Use the CLI or MCP Server to integrate scans into developer workflows, and leverage the dashboard to track score trends and generate compliance PDFs.
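The HMAC-SHA256 signed webhooks mentioned above are only useful if the receiver verifies them. The following Python handler is an added example, not middleBrick's code; the header name (X-Signature), the sha256=<hex> value format, and the shared secret are assumptions, so use the header and secret your middleBrick account documents. What does carry over regardless of those details: verify over the raw request bytes exactly as received, and compare with a constant-time function.

```python
"""Receiver-side verification of an HMAC-SHA256 signed webhook.

Added example, not middleBrick's code. The header name, the 'sha256=<hex>'
format and the secret below are assumptions for illustration."""
import hashlib
import hmac
import json

# Constructed shared secret and payload for the example.
SECRET = b"replace-with-the-secret-from-the-dashboard"
PAYLOAD = json.dumps({
    "event": "scan.completed",
    "target": "https://api.example.com/openapi.json",
    "score": 84,
    "diff": {"new_findings": 1, "resolved": 2},
}, separators=(",", ":")).encode()


def sign(secret: bytes, body: bytes) -> str:
    """Produce the header value a sender would attach (assumed format)."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, body: bytes, header_value: str) -> bool:
    """Verify over the raw bytes as received, never over re-serialised JSON
    (key order or whitespace changes would break the MAC), and compare in
    constant time so response timing does not leak the expected value."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = sign(secret, body)
    return hmac.compare_digest(expected, header_value)


def handle(headers: dict, body: bytes) -> dict:
    """Minimal handler: reject before parsing, so unsigned input never
    reaches the JSON parser or any downstream logic."""
    if not verify(SECRET, body, headers.get("X-Signature", "")):
        return {"status": 401, "reason": "bad signature"}
    event = json.loads(body)
    return {"status": 200, "event": event["event"], "score": event["score"]}


if __name__ == "__main__":
    headers = {"X-Signature": sign(SECRET, PAYLOAD)}
    print(handle(headers, PAYLOAD))
    # A tampered body under the original signature is rejected.
    tampered = PAYLOAD.replace(b'"score":84', b'"score":100')
    print(handle(headers, tampered))
```

Store the secret outside the code (a CI or platform secret), and if the sender also includes a timestamp in the signed material, check it against a short window so a captured delivery cannot be replayed later.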

Frequently Asked Questions

Can I import exact scan reports from APIsec into middleBrick?
There is no direct import format; instead, use the exported findings to build a baseline inventory and map them to middleBrick categories manually.
Will my CI pipeline break during the switch?
Not if you run both tools in parallel and gate merges on middleBrick results only after validation against your existing risk profile.
Does middleBrick support authenticated scans with CI tokens?
Yes, it supports Bearer, API key, Basic auth, and cookies, with domain verification to ensure only the domain owner can enable credentials.
How are compliance mappings handled compared to APIsec?
middleBrick maps findings directly to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II, and it supports audit evidence for other frameworks using alignment language.