Express API Security

Scan, harden, and automate security for Express.js APIs

npx middlebrick scan https://localhost:3000 --threshold 80

What Happens When Your Express API Gets Hit

BEFORE
attacker@kali:~$ curl -s -X POST http://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"username":{"$gt":""},"password":{"$gt":""}}'
HTTP/1.1 200 OK
Content-Type: application/json
 
[{"_id":"6478a1...","username":"admin","password_hash":"$2b$10$K8...","role":"superadmin"}]
NoSQL injection via body-parser leaked all user records including password hashes
vs
AFTER
attacker@kali:~$ curl -s -X POST http://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"username":{"$gt":""},"password":{"$gt":""}}'
HTTP/1.1 403 Forbidden
X-Blocked-By: middleBrick
 
{"error":"request_blocked","reason":"nosql_operator_in_json_body","request_id":"mb-7f3a9b..."}
middleBrick intercepted NoSQL operator in JSON body in 0.3ms

Common Attacks Against Express APIs

Every row maps to an OWASP API Security Top 10 category. The CLI command runs the relevant checks against your endpoint.

Attack                   OWASP      Risk      CLI Command
NoSQL Injection          API8:2023  critical  middlebrick scan <url> --threshold 90
Authentication Bypass    API2:2023  critical  middlebrick scan <url> --threshold 90
BOLA / IDOR              API1:2023  high      middlebrick scan <url> --threshold 80
Rate Limiting Bypass     API4:2023  high      middlebrick scan <url> --threshold 80
SSRF via URL Parameters  API7:2023  high      middlebrick scan <url> --threshold 80
Mass Assignment          API3:2023  medium    middlebrick scan <url> --threshold 70
Excessive Data Exposure  API3:2023  medium    middlebrick scan <url> --threshold 70
JWT Misconfiguration     API2:2023  high      middlebrick scan <url> --threshold 80

Express Defaults vs. middleBrick

Express ships with minimal security defaults. These scores reflect out-of-the-box configuration versus a scanned and hardened setup.

Category (score out of 10)  Express defaults  With middleBrick
Rate Limiting               1                 9
Input Validation            3                 9
Auth Headers                5                 10
Error Handling              4                 9
CORS Policy                 2                 10
Dependency Safety           6                 9
Overall (average)           3.5 / 10          9.3 / 10

Install, Configure, Scan

Terminal (bash)
# Install
npm install -g middlebrick

# Authenticate
middlebrick configure
# → Enter your API key from middlebrick.com/dashboard

# Scan an Express API
middlebrick scan https://localhost:3000

# Scan with a minimum score threshold (CI/CD gate)
middlebrick scan https://api.staging.example.com --threshold 80

# Get results as JSON
middlebrick scan https://api.example.com --format json

GitHub Actions Workflow

Add this workflow to scan every pull request. The action fails the check if the score drops below your threshold.

.github/workflows/security.yml (yaml)
name: API Security Scan
on: [pull_request]
permissions:
  pull-requests: write

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: middlebrick/scan-action@v1
        id: security
        with:
          api-key: ${{ secrets.MIDDLEBRICK_API_KEY }}
          url: https://api.staging.example.com
          threshold: 75
          comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Enforce gate
        if: always()
        run: |
          echo "Score: ${{ steps.security.outputs.score }}"
          echo "Grade: ${{ steps.security.outputs.grade }}"
          echo "Findings: ${{ steps.security.outputs.findings-count }}"

Express / npm Ecosystem CVEs

Real vulnerabilities affecting Express and its core dependencies. middleBrick checks for patterns related to each of these.

CVE-2024-45590 HIGH 2024-09-10

body-parser denial of service via specially crafted Content-Type header. Affects all Express apps using the default JSON/URL-encoded parsers.

CVE-2024-29041 MEDIUM 2024-03-25

Open redirect in res.location() and res.redirect() allows attackers to redirect users to arbitrary URLs by manipulating the Location header.

CVE-2024-43796 MEDIUM 2024-09-10

Cross-site scripting (XSS) via response.redirect() when user-controlled input is passed without sanitization.

CVE-2024-43800 MEDIUM 2024-09-10

serve-static and send vulnerable to XSS via crafted file paths in directory listings when dotfiles are enabled.

CVE-2024-47764 MEDIUM 2024-10-04

cookie package (Express dependency) vulnerable to regular expression denial of service (ReDoS) via crafted cookie values.

CVE-2022-24999 HIGH 2022-11-26

Prototype poisoning in qs (Express query string parser) allows attackers to add/modify properties on Object.prototype via crafted query strings.

Source: NIST National Vulnerability Database

JavaScript Middleware vs. Rust Engine

Writing your own validation middleware is error-prone and slow. middleBrick handles it at the transport layer.

Express middleware (JavaScript) ~2.4ms
// Manual input validation middleware
app.use('/users', (req, res, next) => {
  const body = JSON.stringify(req.body);
  // Check for NoSQL operators
  if (body.includes('$gt') || body.includes('$lt')
    || body.includes('$ne') || body.includes('$in')
    || body.includes('$regex') || body.includes('$where')) {
    return res.status(400).json({
      error: 'invalid_input'
    });
  }
  // Still misses: $exists, $elemMatch,
  // nested objects, encoded operators,
  // prototype pollution vectors...
  next();
});
middleBrick engine (Rust) ~0.3ms
// middleBrick scans the full request surface:
// - JSON body (nested, recursive)
// - Query string parameters
// - URL path segments
// - All 47 known NoSQL operators
// - Encoded / obfuscated variants
// - Prototype pollution patterns
// - Zero-copy parsing, no GC pauses
//
// Result: blocked in 0.3ms avg
// No middleware code to write or maintain
8x faster: zero-copy parsing, no garbage collection pauses, no middleware to maintain.
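The flat `includes()` middleware above and the comment listing what it misses (nested objects, encoded operators, prototype pollution) are the page's own illustration; the block below is an added example, not code from the page or from the middleBrick project, showing how the BEFORE/AFTER exchange at the top can be blocked in plain JavaScript with a recursive key walk instead of a string match. `findSuspiciousKeys`, `rejectNoSqlOperators`, `runMiddleware`, the sample bodies and the `paths` field in the response are my own names and assumptions; the middleware assumes `req.body` was parsed by `express.json()` and `req.query` by Express's query parser, and the tiny req/res stand-ins exist only so the block runs without Express installed.

```javascript
// Added example (not middleBrick's code): recursive detection of NoSQL
// operator keys and prototype-pollution keys anywhere in a parsed request,
// wrapped as an Express-style middleware. All names here are assumptions.

const POLLUTION_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Percent-decode a key so an encoded operator ("%24gt") is compared as
// "$gt"; a malformed escape sequence falls back to the raw key.
function normaliseKey(key) {
  try {
    return decodeURIComponent(key);
  } catch (err) {
    return key;
  }
}

// Walk any JSON-like value (objects, arrays, scalars) and return one
// finding per suspicious key: { path, key, kind }. Only keys are checked,
// so a "$" inside a string value is not a finding.
function findSuspiciousKeys(value, path) {
  const findings = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => {
      findings.push(...findSuspiciousKeys(item, `${path}[${i}]`));
    });
  } else if (value !== null && typeof value === 'object') {
    // Object.entries yields own enumerable pairs only, so an own "__proto__"
    // key created by JSON.parse is seen without touching the accessor on
    // Object.prototype.
    for (const [rawKey, child] of Object.entries(value)) {
      const key = normaliseKey(rawKey);
      const here = `${path}.${key}`;
      if (key.startsWith('$')) {
        findings.push({ path: here, key, kind: 'nosql_operator' });
      } else if (POLLUTION_KEYS.has(key)) {
        findings.push({ path: here, key, kind: 'prototype_pollution' });
      }
      findings.push(...findSuspiciousKeys(child, here));
    }
  }
  return findings;
}

// Express-style middleware: scans the parsed JSON body (express.json())
// and the parsed query string (req.query) and answers 403 instead of
// passing the request to the route handler.
function rejectNoSqlOperators(req, res, next) {
  const findings = [
    ...findSuspiciousKeys(req.body, 'body').map((f) => ({ ...f, where: 'json_body' })),
    ...findSuspiciousKeys(req.query, 'query').map((f) => ({ ...f, where: 'query_string' })),
  ];
  if (findings.length === 0) {
    return next();
  }
  const first = findings[0];
  return res.status(403).json({
    error: 'request_blocked',
    reason: `${first.kind}_in_${first.where}`,
    paths: findings.map((f) => f.path),
  });
}

// Minimal stand-ins for Express's req/res so the middleware runs offline.
// Returns { passed, status, payload } describing what the middleware did.
function runMiddleware(body, query = {}) {
  const result = { passed: false, status: 200, payload: null };
  const res = {
    status(code) { result.status = code; return this; },
    json(payload) { result.payload = payload; return this; },
  };
  rejectNoSqlOperators({ body, query }, res, () => { result.passed = true; });
  return result;
}

// Constructed sample bodies (not captured traffic): the login-bypass
// payload from the BEFORE/AFTER exchange, a deeply nested operator, a
// percent-encoded operator, a prototype-pollution attempt, and a benign
// body whose string value merely mentions "$ne".
const samples = {
  flat: JSON.parse('{"username":{"$gt":""},"password":{"$gt":""}}'),
  nested: { filter: { tags: [{ name: { $regex: '.*' } }] } },
  encoded: { username: { '%24ne': null } },
  pollution: JSON.parse('{"__proto__":{"role":"superadmin"}}'),
  benign: { username: 'alice', note: 'the $ne operator is documented here' },
};

for (const [name, body] of Object.entries(samples)) {
  console.log(name, JSON.stringify(runMiddleware(body)));
}
```

Checking keys rather than the serialised body is what lets the benign sample through: the `body.includes('$ne')` check from the page rejects a comment that only mentions `$ne`, while the key walk rejects only a key that would reach the database as an operator. Mounted as `app.use('/users', rejectNoSqlOperators)` ahead of the route, it produces the same `request_blocked` / `nosql_operator_in_json_body` shape as the AFTER response at the top of the page.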

Frequently Asked Questions

Does middleBrick modify my Express application code?
No. middleBrick is an external scanner. It sends HTTP requests to your running API and analyzes the responses. Your source code, middleware, and dependencies are never touched or accessed.
What does middleBrick check on an Express API?
middleBrick runs checks across 15 security categories: authentication, authorization (BOLA/BFLA), input validation, rate limiting, data exposure, encryption, SSRF, GraphQL, LLM security, and more. Each check maps to OWASP API Security Top 10 and relevant CWE identifiers.
How is the security score calculated?
The score (0-100) is a weighted composite of all checks that ran against your API. Higher scores indicate better security posture. Each finding reduces the score proportionally to its severity. The grading scale: A (90-100), B (80-89), C (70-79), D (60-69), F (below 60).
Can I use middleBrick in CI/CD to block insecure deployments?
Yes. Both the CLI (--threshold flag) and the GitHub Action (threshold input) return a non-zero exit code when the score falls below your minimum. This blocks the PR merge or deployment pipeline automatically.
Does middleBrick support authenticated endpoints?
Yes. The CLI accepts headers via environment variables, and the GitHub Action accepts a headers input as a JSON string. You can pass Bearer tokens, API keys, cookies, or any custom auth headers.
Is there a free tier?
Yes. The free plan includes 10 endpoints and 20 scans per month with access to the CLI, GitHub Action, and MCP server. No credit card required.