Migrating from APIsec to Tenable

What middleBrick covers

  • Black-box scanning without agents or SDK integration
  • URL submission with A–F risk score and prioritized findings
  • Coverage of OWASP API Top 10 (2023) detection categories
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with ref resolution
  • Authenticated scanning with header allowlist and domain verification
  • CI/CD gating via GitHub Action and CLI exit codes

Overview of migration considerations

This guide focuses on moving your API security workflow from APIsec to middleBrick. It covers data export, rebuilding scan history in the dashboard, preserving CI wiring, and known gaps. The goal is to reduce surprise and rework while keeping risk visibility intact.

Data export and import expectations

Export findings and configuration from APIsec in a structured format such as JSON or CSV. In middleBrick, use the Web Dashboard to import these artifacts where supported, or reconcile them manually. Note that historical scan metadata may require transformation to align with middleBrick finding models. Rebuilding scan history is primarily a dashboard activity; there is no automated bulk-history migration path at this time.

Preserving CI/CD pipeline integrations

Identify where APIsec gates pipelines and exports results. In middleBrick, replicate this with the GitHub Action or CLI in your CI pipeline. Configure the same score threshold behavior so the build fails on significant regressions. Use the MCP Server if your tooling integrates with AI coding assistants. Expect to update job definitions to reference middleBrick endpoints and authentication tokens.

middlebrick scan https://api.example.com --threshold C --output json
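The threshold gate described above (and the "block merges below a grade" question in the FAQ) can also be enforced by a small wrapper script when a pipeline needs its own policy, for example failing on regression against a recorded baseline grade rather than only on an absolute threshold. The following is an added example, not middleBrick's own code. It assumes, without support from the page, that the JSON produced by `middlebrick scan <url> --output json` has been written to a file, that the file carries a top-level "score" letter grade and a "findings" list with a "severity" string per entry, and that the grades are A, B, C, D and F; the field names and the script's own exit codes (0 pass, 1 policy failure, 2 unusable report) are assumptions to adjust to the real report.

```python
"""CI gate over a middleBrick JSON scan report (added example, not the project's code).

Assumed report shape (not taken from the page): top-level "score" letter grade
and a "findings" list whose entries carry a "severity" string.
"""
import json
import sys
from collections import Counter
from typing import Dict, Optional, Tuple

# Lower rank is better. Grades assumed to be A, B, C, D, F; add E if the platform emits it.
GRADE_RANK = {"A": 0, "B": 1, "C": 2, "D": 3, "F": 4}

# Constructed sample report, not real middleBrick output.
SAMPLE_REPORT = {
    "target": "https://api.example.com",
    "score": "D",
    "findings": [
        {"id": "f-1", "category": "API2:2023 Broken Authentication", "severity": "high"},
        {"id": "f-2", "category": "API8:2023 Security Misconfiguration", "severity": "medium"},
        {"id": "f-3", "category": "API8:2023 Security Misconfiguration", "severity": "low"},
    ],
}


def grade_meets_threshold(score: str, threshold: str) -> bool:
    """True when the letter grade is at or better than the threshold (A is best)."""
    score, threshold = score.strip().upper(), threshold.strip().upper()
    if score not in GRADE_RANK or threshold not in GRADE_RANK:
        raise ValueError(f"unknown grade: score={score!r} threshold={threshold!r}")
    return GRADE_RANK[score] <= GRADE_RANK[threshold]


def evaluate_scan(report: dict, threshold: str, baseline: Optional[str] = None) -> Tuple[int, str]:
    """Decide the build outcome: (exit_code, message).

    0 = pass, 1 = policy failure (below threshold, or worse than the baseline grade
    when one is supplied), 2 = report unusable (missing or unknown grade).
    A missing grade is treated as a failure so a broken scan cannot pass silently.
    """
    score = report.get("score")
    if not isinstance(score, str):
        return 2, "report has no letter grade; treating as failure"
    try:
        if not grade_meets_threshold(score, threshold):
            return 1, f"score {score.upper()} is below threshold {threshold.upper()}"
        if baseline and not grade_meets_threshold(score, baseline):
            return 1, f"score regressed from baseline {baseline.upper()} to {score.upper()}"
    except ValueError as exc:
        return 2, str(exc)
    return 0, f"score {score.upper()} meets threshold {threshold.upper()}"


def count_by_severity(report: dict) -> Dict[str, int]:
    """Summarise findings per severity so the build log shows what drove the grade."""
    return dict(Counter(f.get("severity", "unknown") for f in report.get("findings", [])))


def main(argv) -> int:
    """Usage: gate.py <report.json> <threshold> [baseline]"""
    if len(argv) < 2:
        print("usage: gate.py <report.json> <threshold> [baseline]", file=sys.stderr)
        return 2
    with open(argv[0], "r", encoding="utf-8") as fh:
        report = json.load(fh)
    code, message = evaluate_scan(report, argv[1], argv[2] if len(argv) > 2 else None)
    print(message)
    for severity, n in sorted(count_by_severity(report).items()):
        print(f"  {severity}: {n}")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

In a job this would run as `middlebrick scan https://api.example.com --output json > report.json && python gate.py report.json C B` (the redirect to a file is an assumption about the CLI); a non-zero exit from the script fails the step the same way the CLI's own exit code does, with the extra baseline check catching a drop from B to C that a plain C threshold would let through.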

Known gaps and alignment with frameworks

middleBrick maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). Other regulations are referenced only as alignment guidance, not certification. Some APIsec detection nuances, such as custom rule logic or proprietary protocol checks, may not have direct equivalents and should be reviewed manually. Business logic vulnerabilities and blind SSRF are out of scope for automated detection in either platform.

Operational steps and ongoing monitoring

After migration, run a baseline scan for each API surface and compare scores to prior severity ratings. Enable continuous monitoring in Pro to get scheduled rescans and diff detection for new findings and score drift. Configure email alerts and HMAC-SHA256 signed webhooks for automated response, noting that webhooks disable after five consecutive failures. Use the dashboard to track trends and generate compliance PDFs where needed.
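The HMAC-SHA256 signed webhooks mentioned above are only useful if the receiving side actually verifies them, and the "disabled after five consecutive failures" rule means a receiver that answers slowly or with errors will silently stop getting alerts. The following receiver-side check is an added example, not middleBrick's own code: the header names, the choice to sign `<timestamp>.<raw body>` as a lowercase hex digest, and the 300-second replay window are assumptions chosen for the illustration, so they must be adjusted to the platform's documented signature scheme. The secret and payload are constructed.

```python
"""Verifying an HMAC-SHA256 signed webhook and tracking delivery health
(added example, not middleBrick's receiver code; header names and message
layout are assumptions)."""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

SECRET = b"constructed-shared-secret"   # constructed; load from a secret store in practice
SIG_HEADER = "X-Signature-256"          # hypothetical header name
TS_HEADER = "X-Signature-Timestamp"     # hypothetical header name
MAX_SKEW_SECONDS = 300                  # replay window; assumed, not from the page
MAX_CONSECUTIVE_FAILURES = 5            # the page states webhooks disable after five failures


def sign(body: bytes, timestamp: int, secret: bytes = SECRET) -> str:
    """Sender side: HMAC-SHA256 over '<timestamp>.<raw body>' as lowercase hex."""
    message = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(body: bytes, headers: Dict[str, str], secret: bytes = SECRET,
           now: Optional[int] = None) -> bool:
    """Receiver side. Signs the raw bytes exactly as received (never re-serialised
    JSON), rejects stale timestamps, and compares digests in constant time."""
    sig = headers.get(SIG_HEADER, "")
    ts_raw = headers.get(TS_HEADER, "")
    if not sig or not ts_raw.isdigit():
        return False
    ts = int(ts_raw)
    now = int(time.time()) if now is None else now
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = sign(body, ts, secret)
    return hmac.compare_digest(expected, sig.lower())


def handle_delivery(body: bytes, headers: Dict[str, str], secret: bytes = SECRET,
                    now: Optional[int] = None) -> Tuple[int, Optional[dict]]:
    """Return (HTTP status, parsed event). Verify before parsing, and answer quickly:
    any non-2xx response counts as a failure on the sender side, so slow processing
    belongs in a queue behind the 200, not in the request handler."""
    if not verify(body, headers, secret, now):
        return 401, None
    try:
        event = json.loads(body)
    except ValueError:
        return 400, None
    return 200, event


class EndpointHealth:
    """Mirrors the sender's disable-after-five rule so operators can alert on
    consecutive failures before the endpoint goes silent."""

    def __init__(self) -> None:
        self.consecutive_failures = 0
        self.enabled = True

    def record(self, status: int) -> bool:
        if 200 <= status < 300:
            self.consecutive_failures = 0
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
                self.enabled = False
        return self.enabled


def demo() -> Tuple[int, Optional[dict], int, int]:
    """Constructed delivery: a valid event, a tampered body, and a replayed stale event."""
    body = json.dumps({"event": "scan.completed", "target": "https://api.example.com",
                       "score": "C"}).encode("utf-8")
    ts = 1_700_000_000
    headers = {SIG_HEADER: sign(body, ts), TS_HEADER: str(ts)}
    ok_status, event = handle_delivery(body, headers, now=ts + 10)
    tampered = body.replace(b'"C"', b'"A"')           # grade altered in transit
    bad_status, _ = handle_delivery(tampered, headers, now=ts + 10)
    stale_status, _ = handle_delivery(body, headers, now=ts + 3600)  # replay an hour later
    return ok_status, event, bad_status, stale_status


if __name__ == "__main__":
    print(demo())
```

The two points that matter operationally are that the signature is computed over the raw request bytes (re-serialising the JSON before signing will produce spurious 401s, which then count toward the five-failure limit) and that the handler returns its status before doing any slow work.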

Frequently Asked Questions

Can I import raw APIsec scan data automatically?
There is no automated bulk-import for historical scan data. You can export findings and reconcile them manually or transform them to match middleBrick models.
Will my existing CI pipeline configuration work unchanged?
No, you will need to update commands and thresholds to use the middleBrick CLI or GitHub Action and to reference new authentication and endpoint details.
Does middleBrick cover the same regulatory frameworks as APIsec?
middleBrick maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, it supports audit evidence and aligns with described controls but does not certify compliance.
Can I block merges if the score drops below a specific grade?
Yes. Configure the GitHub Action to fail the build when the score drops below your chosen threshold, and use the CLI in scripts to enforce policy.