Migrating from APIsec to middleBrick

What middleBrick covers

  • Black-box scanning with no agents or code access
  • Risk score A–F with prioritized findings
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • LLM adversarial probe testing across scan tiers
  • Authenticated scans with header allowlist
  • CI/CD gating via GitHub Action and CLI

Overview of migration considerations

This guide outlines practical steps when moving scanning workflows from APIsec to middleBrick. The focus is on data portability, CI integration continuity, and realistic feature coverage. middleBrick is a black-box API security scanner that does not require agents or code access and returns a risk score with prioritized findings. It supports OpenAPI 3.0, 3.1, and Swagger 2.0 with recursive $ref resolution and runtime validation against spec definitions.

Scan data and reporting export

Export scan results from APIsec in a structured format such as JSON or CSV, including metadata such as timestamps, target URLs, severity, and remediation notes. In middleBrick, the Web Dashboard exports reports as PDF or JSON with the equivalent fields. The CLI supports JSON and text output for scripted migration: middlebrick scan https://api.example.com --output json. Historical scan granularity and custom rule sets will not carry over one-to-one; map APIsec categories to the OWASP API Security Top 10 (2023) categories that middleBrick covers directly.

CI/CD and automation integration

Replicate existing CI wiring by using the middleBrick GitHub Action to gate merges on score thresholds. Configure the action with your desired grade (e.g., C) and set the job to fail when new findings are introduced. For custom pipelines, call the middleBrick API client with an authentication token, passing only approved headers such as Authorization, X-API-Key, Cookie, and X-Custom-*. Keep credentials out of build logs: read them from environment variables populated by repository secrets, and never echo them. Example snippet for a threshold check (grades run A, best, to F, worst, so a letter that sorts after the threshold is a failing grade):

grade=$(middlebrick scan "$TARGET" --output json | jq -r '.score') || exit 1   # -r strips the JSON quotes so "D" compares as D
if [[ "$grade" > "C" ]]; then exit 1; fi   # string comparison: D, E or F sort after C and fail the job
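The one-liner above only checks the grade. The following is an added example (not middleBrick's or APIsec's code) of the fuller gate a custom pipeline usually needs: it reads the CLI's JSON output, ranks the A–F grade against the threshold, and also fails when findings appear that were not in a stored baseline run, which is the "fail when findings are introduced" rule in prose form. The JSON field names ("score", "findings", "id", "severity", "title"), the file-argument convention and the two sample reports are assumptions constructed for the example; adjust them to the real output.

```python
"""Grade-threshold and new-finding gate for middleBrick CLI JSON output.

Added example, not middleBrick's own code. Assumed JSON layout (not documented on
the page): a top-level "score" letter A-F and a "findings" list of objects with
"id", "severity" and "title" keys. Intended use:
    middlebrick scan "$TARGET" --output json > scan.json
    python gate.py scan.json baseline.json   # exit 1 blocks the merge
"""
import json
import sys

GRADES = "ABCDEF"  # A is best, F is worst, matching the page's A-F risk score


def grade_rank(grade):
    """Position on the A-F scale; lower is better. Raises on anything else."""
    g = grade.strip().upper()
    if g not in GRADES:
        raise ValueError(f"unexpected grade {grade!r}")
    return GRADES.index(g)


def grade_meets_threshold(grade, threshold):
    """True when the grade is at least as good as the threshold (B meets C, D does not)."""
    return grade_rank(grade) <= grade_rank(threshold)


def new_findings(current, baseline):
    """Findings in the current run whose id was absent from the baseline run.

    Keying on "id" assumes ids are stable across runs; if they are not, key on
    (title, endpoint) or whatever the real report keeps stable.
    """
    seen = {f["id"] for f in baseline}
    return [f for f in current if f["id"] not in seen]


def gate(report, threshold="C", baseline_findings=()):
    """Return (passed, reasons). passed is False when the grade is worse than the
    threshold or when any finding was introduced relative to the baseline."""
    reasons = []
    if not grade_meets_threshold(report["score"], threshold):
        reasons.append(f"grade {report['score']} is worse than threshold {threshold}")
    for f in new_findings(report.get("findings", []), baseline_findings):
        reasons.append(f"new finding {f['id']} [{f['severity']}]: {f['title']}")
    return (not reasons, reasons)


# Constructed sample reports: a previous (baseline) run and the current run.
SAMPLE_BASELINE = {
    "score": "B",
    "findings": [
        {"id": "F-001", "severity": "medium", "title": "No rate limiting on /login"},
    ],
}
SAMPLE_CURRENT = {
    "score": "C",
    "findings": [
        {"id": "F-001", "severity": "medium", "title": "No rate limiting on /login"},
        {"id": "F-002", "severity": "high", "title": "IDOR on GET /users/{id}"},
    ],
}


def main(argv):
    """argv: [scan.json [baseline.json]]; with no arguments the constructed samples are used."""
    report = json.load(open(argv[0])) if argv else SAMPLE_CURRENT
    baseline = json.load(open(argv[1]))["findings"] if len(argv) > 1 else SAMPLE_BASELINE["findings"]
    passed, reasons = gate(report, threshold="C", baseline_findings=baseline)
    for r in reasons:
        print("FAIL:", r)
    print("gate", "passed" if passed else "failed", "- grade", report["score"])
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

With the constructed samples the grade C itself meets a C threshold, but the run still fails because F-002 is absent from the baseline; commit the baseline JSON alongside the pipeline and refresh it only when a reviewer has accepted the current findings.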

Authenticated scanning and domain verification

For authenticated workflows, provide Bearer tokens, API keys, Basic auth, or cookies via allowed headers. middleBrick requires domain verification through a DNS TXT record or an HTTP well-known file before accepting credentials, ensuring only the domain owner can run scans with authentication. The scanner enforces read-only methods and blocks private IPs, localhost, and cloud metadata endpoints at multiple layers. Upgrade to Pro to schedule recurring scans and receive diffs that highlight new or resolved findings across runs.
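The three rules in the paragraph above (credentials only in allowlisted headers, credentials only for a verified domain, no private, loopback or metadata targets) are the same checks a client should run before it ever sends a scan request. The block below is an added example, not middleBrick's own code, of that client-side pre-flight; it assumes the allowlist exactly as the page lists it, treats any subdomain of a verified domain as verified (an assumption of this example), and treats the server-side enforcement middleBrick describes as the real control, with this as the first of several layers.

```python
"""Client-side pre-flight for an authenticated scan request.

Added example, not middleBrick's own code. It applies the three rules the page
states (allowlisted credential headers, verified domain before credentials are
attached, no private/loopback/metadata targets). The scanner's own server-side
checks are the layer that matters; this only keeps obviously bad requests from
leaving the pipeline.
"""
import fnmatch
import ipaddress
from urllib.parse import urlsplit

# Header names the page lists as accepted; X-Custom-* is a prefix wildcard.
HEADER_ALLOWLIST = ("Authorization", "X-API-Key", "Cookie", "X-Custom-*")

# Hostnames that must never be scanned even though they are not IP literals.
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}


def filter_headers(headers):
    """Split headers into (kept, dropped) by the allowlist, case-insensitively."""
    kept, dropped = {}, []
    for name, value in headers.items():
        if any(fnmatch.fnmatchcase(name.lower(), pat.lower()) for pat in HEADER_ALLOWLIST):
            kept[name] = value
        else:
            dropped.append(name)
    return kept, dropped


def target_is_allowed(url):
    """Return (allowed, reason). Rejects non-http(s) URLs, localhost, RFC 1918,
    loopback, link-local (169.254.169.254 metadata), IPv4-mapped IPv6 and any
    other non-global address literal. A hostname passes with a note: the
    connecting layer must re-check the *resolved* address, otherwise DNS
    rebinding defeats this check."""
    parts = urlsplit(url)
    host = parts.hostname  # already lower-cased, IPv6 brackets stripped
    if parts.scheme not in ("http", "https") or not host:
        return False, "scheme must be http(s) and a host is required"
    if host in BLOCKED_HOSTNAMES or host.endswith(".localhost"):
        return False, f"{host} is a blocked hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True, "hostname: re-check the resolved address before connecting"
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    if not ip.is_global:  # covers private, loopback, link-local, reserved, unspecified
        return False, f"{ip} is not a globally routable address"
    return True, "public address literal"


def prepare_authenticated_scan(url, headers, verified_domains):
    """Build the request payload, or explain why it must not be sent.

    Credentials are attached only when the target host is a verified domain or a
    subdomain of one (the subdomain rule is an assumption of this example)."""
    allowed, reason = target_is_allowed(url)
    if not allowed:
        return False, reason
    host = urlsplit(url).hostname
    if not any(host == d or host.endswith("." + d) for d in verified_domains):
        return False, f"{host} is not a verified domain; refusing to attach credentials"
    kept, dropped = filter_headers(headers)
    return True, {"target": url, "headers": kept, "dropped_headers": dropped}


if __name__ == "__main__":
    # Constructed inputs: one verified target and one cloud-metadata attempt.
    verified = {"api.example.com"}
    creds = {"Authorization": "Bearer <token>", "X-Custom-Tenant": "acme",
             "X-Forwarded-For": "10.0.0.1"}
    for target in ("https://api.example.com/v1", "http://169.254.169.254/latest/meta-data/"):
        print(target, "->", prepare_authenticated_scan(target, creds, verified))
```

Note what the address check cannot do: a hostname that resolves to 127.0.0.1 or 169.254.169.254 at connect time passes here, which is why the page describes blocking "at multiple layers" and why a client-side check alone is never the SSRF control.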

Known gaps and feature alignment

middleBrick does not perform intrusive payloads such as active SQL injection or command injection, nor does it detect blind SSRF via out-of-band channels. It identifies surface areas like JWT misconfigurations, IDOR enumeration, privilege escalation paths, PII exposure, and LLM-specific adversarial probes across tiered scan levels. For business logic flaws or deep infrastructure validation, complement automated results with manual review. Use the compliance framing language to map findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023) where applicable.

Frequently Asked Questions

Can I import my APIsec scan history into middleBrick?
You can export structured results and use the dashboard or API to create equivalent findings. Historical scan granularity and custom rules may require manual mapping to middleBrick categories.
Will my CI pipeline fail if I switch to middleBrick?
Not inherently. Replicate the same score threshold and gate logic using the GitHub Action or CLI output. Validate that your workflows consume JSON or text output and handle exit codes consistently.
Does middleBrick support authenticated scans with cookies?
Yes, authenticated scanning is supported with Bearer tokens, API keys, Basic auth, and cookies. Domain verification is required before credentials are accepted.
What compliance mappings does middleBrick provide?
Findings map directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, the scanner helps prepare evidence and aligns with described security controls without claiming certification.