Migrating from Lasso Security to middleBrick
What middleBrick covers
- Black-box API scanning with no agents or SDKs
- Risk score grade A–F with prioritized findings
- Scan time under one minute for most APIs
- Authenticated scans with Bearer, API key, Basic, and Cookie
- Compliance mapping to PCI-DSS 4.0, SOC 2 Type II, OWASP API Top 10
- Programmatic access via CLI and API client
Exporting data from Lasso Security
Begin by extracting your existing findings and configuration from Lasso Security. Use their export function to download scan reports, typically delivered as JSON or CSV files. If an export option is unavailable, request data via their API or support channel, specifying the date range and the exact scan identifiers you need. Keep the exported files intact; they preserve finding details, severity labels, and remediation notes required to rebuild context later.
Rebuilding scan history in middleBrick
With your data exported, map Lasso findings to middleBrick categories using the shared identifiers from OWASP API Top 10. Ingest the findings into middleBrick by running scans against the same API endpoints. Use the CLI to batch-scan multiple URLs and feed results into your dashboard to reconstruct historical timelines. Where automated mapping is incomplete, manually review edge cases such as authorization bypasses or sensitive data exposure and tag them to align with middleBrick’s detection schema.
Maintaining CI during the cutover
Keep your CI pipelines running by configuring the middleBrick CLI as a drop-in replacement for Lasso checks. Update your pipeline configuration to run middlebrick scan <url> and output JSON for parsing. Set a score threshold that fails the build only when new high-severity findings appear, avoiding false failures caused by historical differences. Use the GitHub Action to gate merges, ensuring every deployment is validated before release.
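A baseline gate to pair with the threshold described above, added here as an example and not part of middleBrick's own tooling: it compares the JSON from the scan taken at cutover with the JSON from the current pipeline run and fails the build only on high-severity findings that were not already present at cutover, so historical differences between Lasso and middleBrick do not break the pipeline. The JSON layout, the field names and both documents are assumptions constructed for the example.

```python
import json
import sys

# Assumed shape of `middlebrick scan --output json` (not documented on this page);
# both documents below are constructed samples, not real scanner output:
# {"score": "<grade>", "findings": [{"id", "category", "endpoint", "severity"}, ...]}
BASELINE_JSON = """{"score": "C", "findings": [
  {"id": "f-001", "category": "API1:2023 Broken Object Level Authorization",
   "endpoint": "GET /users/{id}", "severity": "high"},
  {"id": "f-002", "category": "API8:2023 Security Misconfiguration",
   "endpoint": "GET /health", "severity": "medium"}
]}"""

CURRENT_JSON = """{"score": "C", "findings": [
  {"id": "f-101", "category": "API1:2023 Broken Object Level Authorization",
   "endpoint": "GET /users/{id}", "severity": "high"},
  {"id": "f-102", "category": "API3:2023 Broken Object Property Level Authorization",
   "endpoint": "GET /orders", "severity": "high"},
  {"id": "f-103", "category": "API8:2023 Security Misconfiguration",
   "endpoint": "GET /health", "severity": "medium"}
]}"""

FAIL_ON = {"critical", "high"}


def finding_key(finding):
    """Identity of a finding across runs: OWASP category plus endpoint.
    Per-run ids are ignored so a re-scan of a known issue is not counted as new."""
    return (finding["category"], finding["endpoint"])


def new_high_findings(baseline_json, current_json, fail_on=FAIL_ON):
    """Current findings at a failing severity that are absent from the baseline."""
    baseline = {finding_key(f) for f in json.loads(baseline_json)["findings"]}
    return [
        f for f in json.loads(current_json)["findings"]
        if f["severity"].lower() in fail_on and finding_key(f) not in baseline
    ]


def gate(baseline_json, current_json):
    """Exit status for the CI step: 1 only when new high-severity findings exist."""
    return 1 if new_high_findings(baseline_json, current_json) else 0


if __name__ == "__main__":
    # Usage: gate.py baseline.json current.json (defaults to the embedded samples)
    base, cur = ([open(p).read() for p in sys.argv[1:3]] if len(sys.argv) == 3
                 else [BASELINE_JSON, CURRENT_JSON])
    for f in new_high_findings(base, cur):
        print(f"NEW {f['severity'].upper()}: {f['category']} at {f['endpoint']}")
    sys.exit(gate(base, cur))
```

Refresh the baseline file deliberately, when a finding is accepted or fixed, rather than on every green build, or the gate stops noticing regressions.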
middlebrick scan https://api.example.com --output json --threshold high
What you will miss with Lasso Security
Lasso Security may provide specific proprietary detection rules that do not have direct equivalents in middleBrick. Certain niche findings tied to Lasso’s internal heuristics might not map cleanly to the standardized categories used here. You will also lose any native integrations that depend on Lasso’s proprietary data formats or alert delivery mechanisms. Accept these gaps as a trade-off for standardized detection aligned with OWASP API Top 10 and broader platform compatibility.
What you will gain with middleBrick
You gain a consistent scanning interface across languages and frameworks, with black-box methodology that requires no agents or SDKs. Scan results are delivered in under a minute with a clear risk grade and prioritized findings. The platform supports authenticated scans with Bearer, API key, Basic auth, and cookies, while the dashboard provides score trends, compliance mappings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10, and the ability to download branded compliance reports. Continuous monitoring options and webhook alerts keep ongoing risk visible without manual intervention.