Pricing alternative to Probely
What middleBrick covers
- Black-box API scanning with risk score A–F and prioritized findings
- 12 detection categories aligned to the OWASP API Top 10 (2023), with compliance mapping
- Authenticated scanning with Bearer, API key, Basic, and Cookie methods
- Read-only HTTP methods only; targets on private IP ranges or localhost are refused
- Programmatic access via API and CLI for automation
- Continuous monitoring with scheduled rescans and diff detection
Overview and value proposition
This page frames middleBrick as a pricing alternative to Probely when budget constraints make commercial scanners prohibitive. It compares subscription models and total-cost factors rather than promising outcomes. The tool is a self-service black-box scanner: you submit an API URL and receive a risk score from A to F with prioritized findings. A scan completes in under a minute and requires no agents, SDKs, or code access.
Detection coverage and compliance mapping
The scanner covers 12 categories aligned to the OWASP API Top 10 (2023): Authentication bypass, BOLA and IDOR, BFLA and privilege escalation, Property Authorization over-exposure, Input Validation, Rate Limiting and Resource Consumption, Data Exposure, Encryption issues, SSRF, Inventory Management, Unsafe Consumption, and LLM/AI Security. The OWASP list itself has ten entries, so categories such as LLM/AI Security extend beyond it rather than mapping one-to-one. Findings map directly to PCI DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, findings are aligned to the security controls those standards describe and can be used as audit evidence; the tool does not certify or guarantee compliance.
Authenticated scanning and data handling
Authenticated scans are available from the Starter tier upward, supporting Bearer, API key, Basic auth, and Cookie methods. Domain verification requires a DNS TXT record or an HTTP well-known file, so only the domain owner can scan with credentials. The header allowlist is limited to Authorization, X-API-Key, Cookie, and X-Custom-* headers; any other header is not forwarded. Because the scanner sends these credentials to the target on every authenticated request, use a dedicated low-privilege test credential rather than a production user's token, even though the scan itself is read-only. Customer scan data is deletable on demand and purged within 30 days of cancellation; data is never sold and is not used for model training.
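The feature list promises read-only methods, private IP and localhost blocking, and a credential header allowlist. The following is an added example of how such a pre-scan gate is typically built; it is not middleBrick's code and nothing about its internals is known from this page. The blocked ranges, the `checkTarget`/`filterHeaders` names, the injected resolver and the sample hostnames are all constructed for the example.

```javascript
// Added example (not middleBrick's own code). Pre-scan safety gate for a
// black-box scanner: refuse targets that resolve to loopback, private or
// link-local space, restrict probes to read-only methods, and pass through
// only the allowlisted credential headers. Ranges, resolver answers and
// hostnames below are constructed for the demonstration.

const READ_ONLY_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Allowlist as the page states it: Authorization, X-API-Key, Cookie, X-Custom-*
function isAllowedHeader(name) {
  const n = name.toLowerCase();
  return n === "authorization" || n === "x-api-key" || n === "cookie" || n.startsWith("x-custom-");
}

function filterHeaders(headers) {
  const kept = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    if (isAllowedHeader(name)) kept[name] = value;
    else dropped.push(name);
  }
  return { kept, dropped };
}

function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// IPv4 space a scanner hosted on the public internet must never probe:
// loopback, RFC 1918, link-local, "this network", and carrier-grade NAT.
const BLOCKED_V4 = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
  "169.254.0.0/16", "0.0.0.0/8", "100.64.0.0/10"];

function isBlockedAddress(addr) {
  if (!addr.includes(":")) return BLOCKED_V4.some((cidr) => inCidr(addr, cidr));
  const v6 = addr.toLowerCase();
  if (v6 === "::1" || v6 === "::") return true;              // loopback, unspecified
  if (/^fe[89ab][0-9a-f]:/.test(v6)) return true;            // link-local fe80::/10
  if (/^f[cd][0-9a-f]{2}:/.test(v6)) return true;            // unique local fc00::/7
  // IPv4-mapped, either "::ffff:127.0.0.1" or "::ffff:7f00:1" as the URL parser serialises it
  let m = v6.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (m) return isBlockedAddress(m[1]);
  m = v6.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (m) {
    const n = ((parseInt(m[1], 16) << 16) | parseInt(m[2], 16)) >>> 0;
    return isBlockedAddress([n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join("."));
  }
  return false;
}

// resolve(hostname) returns an array of address strings. It is injected so the
// example runs offline; in production use dns.promises.lookup(host, { all: true }),
// vet every answer, and pin the connection to the vetted address, because
// re-resolving at connect time reopens the DNS-rebinding window this check closes.
function checkTarget(target, resolve, method = "GET") {
  let url;
  try { url = new URL(target); } catch (err) { return { ok: false, reason: "invalid URL" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (!READ_ONLY_METHODS.has(method.toUpperCase())) return { ok: false, reason: `method ${method} is not read-only` };
  // The WHATWG URL parser canonicalises tricks such as 127.1, 0x7f000001 and [0:0:0:0:0:0:0:1]
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "localhost target" };
  const isLiteral = /^\d+\.\d+\.\d+\.\d+$/.test(host) || host.includes(":");
  const addresses = isLiteral ? [host] : resolve(host);
  if (addresses.length === 0) return { ok: false, reason: "unresolvable host" };
  const blocked = addresses.find(isBlockedAddress);
  if (blocked !== undefined) return { ok: false, reason: `resolves to blocked address ${blocked}` };
  return { ok: true, addresses };
}

// Constructed resolver answers for the demonstration
const FAKE_DNS = {
  "api.example.com": ["198.51.100.7"],
  "internal.example.com": ["10.0.0.5"],
  "rebind.example.com": ["198.51.100.7", "127.0.0.1"], // one public and one loopback answer
};
const fakeResolve = (host) => FAKE_DNS[host] || [];

function demo() {
  return ["https://api.example.com/v1", "http://internal.example.com/admin", "http://rebind.example.com/",
    "http://127.1/", "http://[::1]:8080/", "http://localhost/"].map((t) => [t, checkTarget(t, fakeResolve)]);
}
```

The rebinding case is the one to keep in mind: a hostname that returns one public and one loopback answer is rejected outright, and a real scanner must connect to the exact address it vetted rather than letting the HTTP client resolve the name a second time.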
Product features and integration options
Delivery options include a Web Dashboard for scanning, viewing reports, tracking score trends, and downloading branded compliance PDFs; a CLI via the middle npm package with JSON or text output; a GitHub Action for CI/CD gating that fails the build when the score falls below a configured threshold; an MCP Server for AI coding assistants; and a programmatic API for custom integrations. Continuous monitoring on the Pro tier supports scheduled rescans every 6 hours, daily, weekly, or monthly, with diff detection across scans. Email alerts are rate-limited to one per hour per API, so a noisy API does not flood the inbox, but changes that arrive inside that hour are only visible in the dashboard diff until the next alert.
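The paragraph above names diff detection across scans and a one-alert-per-hour-per-API limit without saying how they interact. The following is an added example of one sound way to implement that pair; it is not middleBrick's code, and the finding fields (`category`, `method`, `path`, `severity`), the severity ladder, the `AlertLimiter` design and the sample scans are all constructed for the example.

```javascript
// Added example (not middleBrick's own code). Diff two scan results of the
// same API, decide whether the change deserves an alert, and enforce a
// one-alert-per-hour-per-API limit that delays suppressed changes instead of
// dropping them. Field names and sample scans are constructed.

const SEVERITY_RANK = { info: 0, low: 1, medium: 2, high: 3, critical: 4 };

// Stable identity of a finding across scans. Volatile fields (evidence
// snippets, timestamps) are excluded on purpose; include them and every
// rescan reports every finding as new.
function findingKey(f) {
  return `${f.category}|${f.method.toUpperCase()}|${f.path}`;
}

function diffScans(previous, current) {
  const prev = new Map(previous.map((f) => [findingKey(f), f]));
  const curr = new Map(current.map((f) => [findingKey(f), f]));
  const added = [], resolved = [], changed = [];
  for (const [key, f] of curr) {
    const old = prev.get(key);
    if (old === undefined) added.push(f);
    else if (old.severity !== f.severity) changed.push({ before: old, after: f });
  }
  for (const [key, f] of prev) if (!curr.has(key)) resolved.push(f);
  return { added, resolved, changed };
}

// Alert on new findings at or above the threshold and on escalations that
// cross it; resolutions and downgrades belong in the report, not the pager.
function shouldAlert(diff, minSeverity = "medium") {
  const min = SEVERITY_RANK[minSeverity];
  const escalations = diff.changed.filter(
    (c) => SEVERITY_RANK[c.after.severity] > SEVERITY_RANK[c.before.severity]);
  return diff.added.some((f) => SEVERITY_RANK[f.severity] >= min)
    || escalations.some((c) => SEVERITY_RANK[c.after.severity] >= min);
}

class AlertLimiter {
  constructor(windowMs = 60 * 60 * 1000) {
    this.windowMs = windowMs;
    this.lastSent = new Map(); // apiId -> timestamp of the last delivered alert
    this.pending = new Map();  // apiId -> diffs suppressed since that alert
  }
  // Suppressed diffs are queued and batched into the next alert allowed
  // through, so the limit delays a change but never loses it.
  submit(apiId, diff, now) {
    const queue = this.pending.get(apiId) || [];
    queue.push(diff);
    const last = this.lastSent.get(apiId);
    if (last !== undefined && now - last < this.windowMs) {
      this.pending.set(apiId, queue);
      return { sent: false, queued: queue.length, retryAt: last + this.windowMs };
    }
    this.lastSent.set(apiId, now);
    this.pending.delete(apiId);
    return { sent: true, batched: queue };
  }
  // Called by the scheduler: deliver queued diffs whose window has elapsed,
  // even if no further rescan produced a change in the meantime.
  flushDue(now) {
    const out = [];
    for (const [apiId, queue] of this.pending) {
      const last = this.lastSent.get(apiId);
      if (last === undefined || now - last >= this.windowMs) {
        this.lastSent.set(apiId, now);
        this.pending.delete(apiId);
        out.push({ apiId, batched: queue });
      }
    }
    return out;
  }
}

function processRescan(apiId, previous, current, limiter, now) {
  const diff = diffScans(previous, current);
  if (!shouldAlert(diff)) return { diff, alert: null };
  return { diff, alert: limiter.submit(apiId, diff, now) };
}

// Constructed findings for one API across three consecutive rescans
const SCAN_1 = [
  { category: "BOLA", method: "GET", path: "/users/{id}", severity: "high" },
  { category: "Rate Limiting", method: "POST", path: "/login", severity: "medium" },
  { category: "Inventory Management", method: "GET", path: "/v1/openapi.json", severity: "info" },
];
const SCAN_2 = [
  { category: "BOLA", method: "GET", path: "/users/{id}", severity: "critical" }, // escalated
  { category: "Inventory Management", method: "GET", path: "/v1/openapi.json", severity: "info" },
  { category: "SSRF", method: "GET", path: "/fetch", severity: "high" },           // new
];
const SCAN_3 = [
  ...SCAN_2,
  { category: "Data Exposure", method: "GET", path: "/users/{id}/export", severity: "medium" }, // new
];

function demo() {
  const limiter = new AlertLimiter();
  const t0 = Date.UTC(2024, 0, 1, 9, 0, 0);
  const first = processRescan("api-42", SCAN_1, SCAN_2, limiter, t0);                   // delivered
  const second = processRescan("api-42", SCAN_2, SCAN_3, limiter, t0 + 30 * 60 * 1000); // suppressed, queued
  const third = processRescan("api-42", SCAN_3, SCAN_3, limiter, t0 + 90 * 60 * 1000);  // no change, no alert
  const flushed = limiter.flushDue(t0 + 90 * 60 * 1000);                                // queued diff goes out
  return { first, second, third, flushed };
}
```

The `flushDue` step is the part that is easy to forget: if the only trigger for delivery is the next alert-worthy rescan, a finding that appeared inside the suppression window and was never followed by another change would sit in the queue indefinitely.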
Pricing tiers and total-cost comparison
The Free tier offers 3 scans per month with CLI access. Starter at 99 USD per month covers 15 APIs with monthly scans, the dashboard, email alerts, and the MCP Server. Pro at 499 USD per month covers 100 APIs, with additional APIs priced at 7 USD each, and adds continuous monitoring, GitHub Action gates, CI/CD integration, Slack/Teams alerts, compliance reports, and signed webhooks. Enterprise at 2000 USD per month offers unlimited APIs, custom rules, SSO, audit logs, an SLA, and dedicated support. When comparing sticker prices, note that the paid tiers are priced by number of APIs rather than per scan, which removes cost variability for teams whose scan volume fluctuates; the Free tier is the only one metered by scan count.
Limitations and responsible use
The tool does not fix, patch, block, or remediate findings; it detects and reports them with remediation guidance. It does not perform active SQL injection or command injection testing; those require intrusive payloads and are out of scope. It does not detect business logic vulnerabilities or blind SSRF, and it does not replace a human pentester for high-stakes audits. These limitations are stated explicitly so teams can plan complementary testing for the gaps.