How It Works

middleBrick is a black-box API security scanner. It analyzes your API from the outside, the same perspective an attacker has, without needing credentials, source code, or infrastructure access.

Scan Pipeline

Every scan follows four stages:

1. Submit

You provide a URL (via the dashboard, CLI, API, MCP, or GitHub Action). Optionally, you can include:

An OpenAPI/Swagger spec URL for deeper analysis
A context parameter (financial, medical, public, internal) to prioritize relevant checks

2. Scan

The engine sends targeted HTTP requests to the endpoint and analyzes the responses. All 12 security checks run in parallel:

Static analysis: inspects headers, response structure, data patterns, and configuration
Active probing: tests for auth bypass, IDOR, rate limiting, SSRF, and more using safe, non-destructive requests
Spec cross-referencing: if an OpenAPI spec is provided, compares documented security posture against actual runtime behavior
AI/LLM probing: for detected AI endpoints, runs adversarial prompts to test for prompt injection, jailbreaks, and data leakage

3. Filter

An on-edge AI model reviews all findings before they reach you. This step:

Reduces false positives by validating findings against context
Merges duplicate or overlapping findings
Adjusts confidence levels based on corroborating evidence

4. Report

Results are delivered in under a minute:

Overall score (0–100) and letter grade (A–F)
Per-category scores for each of the 12 security checks
Findings sorted by severity with descriptions and remediation guidance
PDF export available from the dashboard for compliance and reporting

Safety Guarantees

middleBrick is designed to observe, not interfere:

Read-only methods only. The scanner only sends GET and HEAD requests. Destructive methods (DELETE, PUT, PATCH, POST) are blocked at the API layer. The only exception is AI/LLM probing, which sends POST requests with text prompts to detected AI endpoints.
Non-destructive payloads. No SQL injection, no file writes, no resource creation. Probes are detection-only.
No inline traffic interception. middleBrick does not sit in the path of your API traffic. It sends its own requests independently and asynchronously.
SSRF protection. The scanner rejects requests to private IPs, localhost, and cloud metadata endpoints.
Throttled probes. AI/LLM adversarial probes run sequentially with delays to avoid overwhelming your endpoint.

The scan is equivalent to what any unauthenticated user could do with curl, but automated and analyzed.

What the Scanner Does NOT Need

middleBrick is designed for zero-friction adoption:

Requirement	middleBrick	Traditional DAST
Credentials / API keys	Not needed	Usually required
Agents or sidecars	None	Often required
Source code access	None	Sometimes required
SDK / library integration	None	Varies
Manual configuration	None	Extensive
Infrastructure access	None	Usually required

You give it a URL. It gives you a security assessment. Everything else is optional.

Scoring

Every scan produces a 0–100 security score and a letter grade (A–F). The score is derived from weighted analysis across all 12 security categories. Each finding carries a severity level (critical, high, medium, low, info) that impacts the score proportionally.

Higher severity findings have a larger impact — a single critical finding will drop your score significantly more than several low-severity ones.

See Understanding Your Score for details on interpreting and improving your results.

OpenAPI Spec Analysis

When you provide an OpenAPI or Swagger spec URL, the engine performs deeper analysis by cross-referencing your documented API definition with actual runtime behavior:

Security scheme validation: checks that schemes defined in the spec (OAuth2, API key, Bearer) are actually enforced
Operation-level security: verifies that individual operations have appropriate security requirements
Schema analysis: identifies sensitive fields, mass assignment risks, and over-exposed properties
Deprecation checks: flags deprecated operations that are still active and accessible

Supported formats: OpenAPI 3.0, OpenAPI 3.1, and Swagger 2.0. The spec is fetched at scan time and processed alongside the live endpoint analysis.

Without a spec, middleBrick still performs a comprehensive scan using response analysis and active probing. The spec adds depth but isn’t required.

Context-Aware Scanning

The optional context parameter adjusts how the engine prioritizes its analysis:

Context	Prioritized checks	Typical use
`financial`	Authentication, data exposure, encryption	Banking, payments, fintech APIs
`medical`	Data exposure, authentication, encryption	Healthcare, HIPAA-regulated APIs
`public`	Rate limiting, inventory management	Public-facing, high-traffic APIs
`internal`	Function-level authorization, property authorization	Internal microservices

Without a context, the engine uses balanced default weights suitable for general-purpose APIs.

Limitations

middleBrick is a black-box scanner. It tests what’s visible from the outside, and there are things it can’t do:

Authenticated flows: it scans the unauthenticated attack surface. Authenticated endpoint testing is on the roadmap.
Internal APIs: the endpoint must be publicly accessible over HTTPS.
Non-HTTP APIs: supports REST/JSON, GraphQL, and AI/LLM endpoints. gRPC and WebSocket analysis are planned.
Business logic flaws: it detects technical vulnerabilities, not application-specific logic issues.
Source code analysis: it’s runtime-only, not a SAST tool. Use it alongside your existing code scanning.

middleBrick is best used as a continuous, automated layer in your security stack, catching the OWASP API Top 10 on every deploy and complementing periodic manual pentests.