Migrating from Salt Security to middleBrick

What middleBrick covers

  • Self-service black-box API scanning under one minute
  • 12 OWASP API Top 10 categories aligned to compliance frameworks
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with spec-to-runtime cross-check
  • Authenticated scanning with header allowlist controls
  • Pro continuous monitoring and diff detection across scans
  • CI/CD integration with GitHub Action quality gates

Exporting findings from Salt Security

Begin by exporting findings from Salt Security using its UI or API. Request the findings summary and rule mappings for the APIs you want to migrate. Save the export in a structured format such as JSON or CSV so you can map findings to middleBrick categories later.

Rebuilding scan history in middleBrick

middleBrick does not ingest historical scans, so you rebuild context by re-running scans against the same API endpoints. Run an initial scan with the middleBrick CLI or dashboard, then schedule recurring scans using the Pro continuous monitoring settings. Use the comparison reports in the dashboard to track which findings remain, which are new, and which have been resolved across the migration period.

Keeping CI wired during the cutover

To avoid breaking deployments, maintain both tools in parallel for one sprint. Update your GitHub Action or CI pipeline to run the middleBrick CLI as an additional check while keeping the Salt Security gate unchanged. Gradually raise the quality gate threshold in middleBrick until it matches your risk tolerance, then switch the pipeline to fail only on middleBrick results and disable the Salt Security gate.

What you will miss and how to compensate

Salt Security includes runtime protection and inline blocking, which middleBrick does not provide. middleBrick focuses on detection and reporting, so you lose active blocking of malicious requests. Compensate by pairing scans with WAF or API gateway blocking policies, and use the remediation guidance in each finding to reduce exposure until those controls are in place.

What you will gain and next steps

You gain a self-service, read-only scanner with scan turnaround under one minute and transparent coverage aligned to OWASP API Top 10, PCI-DSS 4.0, and SOC 2 Type II. Use the CLI for rapid checks, the dashboard for trend reports, and Pro monitoring for diffs across scans. Start with a small set of critical APIs, validate findings against your environment, and expand coverage as your team adjusts to the new workflow.

Frequently Asked Questions

Can I import Salt Security findings into middleBrick?
middleBrick does not support importing findings from other tools. You will re-scan endpoints with middleBrick and compare results manually or via dashboard reporting.

Does middleBrick block malicious requests like Salt Security does?
No, middleBrick is a detection-only scanner. It surfaces risks and remediation guidance but does not block or remediate traffic. Use a WAF or API gateway for runtime protection.

How do I map Salt Security rules to middleBrick findings?
Map using the underlying OWASP API Top 10 categories and vulnerability types. For example, authentication bypass in Salt Security typically corresponds to Authentication and JWT misconfigurations in middleBrick.

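Reconciling the two tools' findings by OWASP API Top 10 category, as described both in the scan-history section above (remaining, new, resolved) and in this answer, as an added Python example that is not middleBrick's or Salt Security's code. Both export schemas, the rule and category names, and the two mapping tables are constructed assumptions; only the OWASP API Top 10 identifiers are real.

```python
import json

# Assumed rule-name / category mappings to OWASP API Top 10 (2023) ids.
# Only the OWASP ids are real; the tool-side names are placeholders.
SALT_RULE_TO_OWASP = {
    "authentication_bypass": "API2:2023",
    "broken_object_level_authorization": "API1:2023",
    "excessive_data_exposure": "API3:2023",
}
MIDDLEBRICK_CATEGORY_TO_OWASP = {
    "Authentication": "API2:2023",
    "JWT misconfiguration": "API2:2023",
    "Object-level authorization": "API1:2023",
    "Data exposure": "API3:2023",
}

def _key(method, path, owasp_id):
    # Normalise method case and trailing slashes so both tools agree on an endpoint
    return (method.upper(), "/" + path.strip("/"), owasp_id)

def normalize_salt(export):
    # Unknown rules are kept as 'UNMAPPED' rather than silently dropped
    return {_key(f["method"], f["endpoint"], SALT_RULE_TO_OWASP.get(f["rule"], "UNMAPPED"))
            for f in export["findings"]}

def normalize_middlebrick(scan):
    return {_key(f["method"], f["path"], MIDDLEBRICK_CATEGORY_TO_OWASP.get(f["category"], "UNMAPPED"))
            for f in scan["results"]}

def reconcile(salt_export, middlebrick_scan):
    """Classify each (method, path, OWASP category) as remaining, resolved or new."""
    before, after = normalize_salt(salt_export), normalize_middlebrick(middlebrick_scan)
    return {"remaining": sorted(before & after),
            "resolved": sorted(before - after),
            "new": sorted(after - before)}

# Constructed sample exports; real tool output has a different shape
SALT_EXPORT = json.loads("""{"findings": [
  {"rule": "authentication_bypass", "method": "get", "endpoint": "/v1/users/"},
  {"rule": "broken_object_level_authorization", "method": "GET", "endpoint": "/v1/orders/{id}"},
  {"rule": "excessive_data_exposure", "method": "GET", "endpoint": "/v1/profile"}]}""")
MIDDLEBRICK_SCAN = json.loads("""{"results": [
  {"category": "JWT misconfiguration", "method": "GET", "path": "/v1/users"},
  {"category": "Object-level authorization", "method": "GET", "path": "/v1/orders/{id}"},
  {"category": "Rate limiting", "method": "POST", "path": "/v1/login"}]}""")

if __name__ == "__main__":
    print(json.dumps(reconcile(SALT_EXPORT, MIDDLEBRICK_SCAN), indent=2))
```

Rows whose rule or category is absent from a mapping table surface as "UNMAPPED" in the output, so a gap in the table shows up as a new finding to review rather than a finding that quietly disappears.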
Will my scan history be preserved if I cancel?
Customer scan data is deletable on demand and purged within 30 days of cancellation. Historical scans are retained in your dashboard until you request deletion.