Migrating from Escape to middleBrick
What middleBrick covers
- Black-box API scanning with no agents or SDK dependencies
- Risk scoring from A to F with prioritized findings
- OWASP API Top 10 (2023), PCI-DSS 4.0, SOC 2 Type II mapping
- CLI and GitHub Action support for CI/CD integration
- Continuous monitoring with scheduled rescans and diff detection
- Authenticated scans with Bearer, API key, Basic, and Cookie headers
Exporting data from Escape
Export findings and configuration from Escape using their built-in report download or API access. Request a full JSON or CSV dump that includes scan timestamps, target URLs, severity labels, and any associated evidence such as request/response pairs. If Escape supports project-level exports, select all projects you intend to migrate so the dataset is complete before switching tools.
Retain the mapping between findings and severity labels during export. This makes it easier to compare results in middleBrick and to decide which issues require immediate treatment. Keep the exported files in versioned storage so you can reference them later for audits or for rebuilding historical views.
Rebuilding scan history in middleBrick
In middleBrick, ingest your exported data by creating manual entries or using the API client to push normalized findings into the system. Use the dashboard to batch-create scans for each target URL and set the same scan cadence you used in Escape. middleBrick stores scan history and score trends, so over time you rebuild a comparable timeline of security posture.
Because middleBrick does not execute intrusive tests, you will not reproduce exact exploit evidence from Escape. Instead, rely on the exported request/response pairs for proof-of-concept details. Use middleBrick findings as a continuous indicator rather than a point-in-time forensic artifact.
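The normalization step described above, as an added illustration rather than code from middleBrick or Escape: it groups an exported dump by target URL, keeps the original severity label alongside a normalized one, preserves the request/response evidence, and flags what needs immediate treatment. The export layout (keys scanned_at, target, severity, title, request, response) and the sample records are assumptions constructed for this example, since the real export schema is not shown on this page.

```python
import json
from collections import defaultdict

# Constructed sample of an exported findings dump; the field names are assumed, not a real Escape schema.
SAMPLE_EXPORT = json.dumps([
    {"scanned_at": "2024-05-01T10:00:00Z", "target": "https://api.example.test/v1",
     "severity": "Medium", "title": "Verbose error body",
     "request": "GET /v1/orders/0", "response": "500 {\"trace\": \"...\"}"},
    {"scanned_at": "2024-05-01T10:00:00Z", "target": "https://api.example.test/v1",
     "severity": "HIGH", "title": "Unauthenticated access to /users",
     "request": "GET /v1/users", "response": "200 OK"},
    {"scanned_at": "2024-05-02T10:00:00Z", "target": "https://billing.example.test",
     "severity": "low", "title": "Missing Cache-Control header",
     "request": "GET /", "response": "200 OK"},
])

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

def normalize_findings(export_json):
    """Group findings by target URL, keeping the original severity label, the scan
    timestamp and the request/response evidence; each target's list is sorted from
    most to least severe so urgent items come first. Unknown labels sort last."""
    grouped = defaultdict(list)
    for item in json.loads(export_json):
        label = item["severity"]
        grouped[item["target"]].append({
            "scanned_at": item["scanned_at"],
            "severity_label": label,      # original label, retained for audit comparison
            "severity": label.lower(),    # normalized key used for ranking
            "title": item["title"],
            "evidence": {"request": item["request"], "response": item["response"]},
        })
    for findings in grouped.values():
        findings.sort(key=lambda f: SEVERITY_RANK.get(f["severity"], len(SEVERITY_RANK)))
    return dict(grouped)

def needs_immediate_treatment(normalized, threshold="high"):
    """Return (target, title) pairs whose severity is at or above the threshold."""
    limit = SEVERITY_RANK[threshold]
    return [(target, f["title"]) for target, findings in normalized.items()
            for f in findings if SEVERITY_RANK.get(f["severity"], 99) <= limit]

if __name__ == "__main__":
    norm = normalize_findings(SAMPLE_EXPORT)
    for target, findings in norm.items():
        print(target, [(f["severity_label"], f["title"]) for f in findings])
    print("immediate:", needs_immediate_treatment(norm))
```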
Keeping CI wired up during cutover
Before switching CI pipelines, validate that your middleBrick CLI or GitHub Action can authenticate against the same target set. Run a small pilot scan in a non-production branch to confirm token permissions, header allowlists, and domain verification succeed. Update CI workflows to call middlebrick scan <url> and set thresholds that match your risk policy.
During cutover, keep the Escape pipeline active but mark its results as reference only. If your CI previously failed the build based on Escape findings, mirror that behavior by configuring middleBrick to fail the build when the score drops below your chosen threshold. Once the new pipeline produces stable results for a full scanning cycle, decommission Escape jobs.
What you will miss and how to compensate
Migration from Escape to middleBrick involves trade-offs. You will lose any active exploitation capabilities Escape provided, such as SQL injection or command injection payloads, because middleBrick limits testing to read-only methods. Business logic vulnerabilities that require domain knowledge will also not be detected, so retain human review for high-risk workflows.
Compensate by layering specialized tools for intrusive testing and logic flaws where needed. Use separate SAST or DAST suites for deep injection testing, and maintain a pentesting engagement for architecture-level reviews. middleBrick maps findings to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II, which helps you prepare audit evidence for these frameworks even if it does not replace an auditor.
What you will gain and next steps
You gain a self-service, black-box scanner that works without agents or SDKs across any language or cloud. Scan times remain under a minute, and you receive a risk score from A to F with prioritized findings aligned to the OWASP API Top 10. Continuous monitoring options provide scheduled rescans and diff detection so you can track score drift across releases.
Start by importing your highest-risk APIs into middleBrick, configure the GitHub Action or CI gate, and enable email or webhook alerts for score changes. Use the dashboard to track remediation progress and to generate compliance PDFs for PCI-DSS 4.0 or SOC 2 Type II evidence. For recurring deep validation, consider the Pro tier with 100 APIs and webhook reliability features.