When Cyber insurance renewal
What middleBrick covers
- Black-box API scanning with a risk score A–F
- Detection aligned to OWASP API Top 10, PCI-DSS 4.0, SOC 2
- Under-one-minute scan time with read-only methods
- Authenticated scans with header allowlisting
- Continuous monitoring with diff detection and alerts
- Dashboard, CLI, GitHub Action, and API client integrations
Assess API risk before insurance renewal
When a cyber insurance renewal approaches, you need an accurate, repeatable view of your external API risk. middleBrick is a self-service API security scanner: you submit a URL and it returns a risk score from A to F along with prioritized findings. Because it is black-box, it requires no agents, SDKs, or code access and works with any language, framework, or cloud. A full scan completes in under a minute using read-only methods and text-only POST probes, so you can gather evidence without impacting production.
Coverage aligned to major frameworks
middleBrick maps findings directly to three frameworks commonly referenced during insurance assessments: PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). Detection coverage includes authentication bypass, JWT misconfigurations such as alg=none or expired tokens, broken object level authorization and IDOR, privilege escalation attempts, data exposure including PII and API key patterns, injection and SSRF indicators, and LLM security probes. The scanner parses OpenAPI 3.0, 3.1, and Swagger 2.0 with recursive $ref resolution and cross-references spec definitions against runtime behavior to identify undefined security schemes, sensitive fields, deprecated operations, and missing pagination.
Authenticated scanning for deeper evidence
For more thorough assessments, enable authenticated scanning on the Starter tier and above. Supported methods include Bearer tokens, API keys, Basic auth, and cookies, with domain verification via DNS TXT records or an HTTP well-known file to ensure only the domain owner can scan with credentials. The scanner forwards a restricted allowlist of headers, including Authorization, X-API-Key, Cookie, and X-Custom-* headers. This helps surface issues that require a valid session while maintaining strict read-only behavior, with destructive payloads never sent and internal or cloud metadata endpoints blocked at multiple layers.
Continuous monitoring and alerting
On the Pro tier, you can schedule rescans every 6 hours, daily, weekly, or monthly and track score trends over time. Diff detection highlights new findings, resolved findings, and score drift between scans. You receive email alerts at a rate-limited cadence of 1 per hour per API, and HMAC-SHA256 signed webhooks notify external systems, with auto-disable after 5 consecutive failures. This setup supports audit evidence collection and helps you demonstrate ongoing risk management to underwriters without committing to specific regulatory compliance claims.
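As an added example (not middleBrick's own code), the diff-and-alert step above in Python: it computes new and resolved findings and A-to-F score drift between two constructed scan reports, signs the resulting payload with HMAC-SHA256 so a receiver can verify it, and models the auto-disable after 5 consecutive failed deliveries. The report shape, the hex signature encoding and the webhook secret are assumptions, not the product's documented format.

```python
import hashlib
import hmac
import json

# Constructed sample reports (assumed shape, not middleBrick's real output):
# findings keyed by a stable id, score on the page's A-F scale.
PREVIOUS = {"score": "B", "findings": {"jwt-alg-none": "high", "missing-pagination": "low"}}
CURRENT = {"score": "D", "findings": {"jwt-alg-none": "high", "idor-users": "high", "ssrf-indicator": "medium"}}
GRADES = "ABCDEF"


def scan_diff(previous, current):
    """New findings, resolved findings and score drift between two scans (positive drift = worse)."""
    prev_ids, cur_ids = set(previous["findings"]), set(current["findings"])
    drift = GRADES.index(current["score"]) - GRADES.index(previous["score"])
    return {
        "new": sorted(cur_ids - prev_ids),
        "resolved": sorted(prev_ids - cur_ids),
        "score_from": previous["score"],
        "score_to": current["score"],
        "score_drift": drift,
    }

def sign_payload(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded (encoding is assumed, not the documented format)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret: bytes, body: bytes, signature: str) -> bool:
    """Receiver-side check; compare_digest avoids leaking the MAC through timing differences."""
    return hmac.compare_digest(sign_payload(secret, body), signature)

class WebhookEndpoint:
    """Tracks consecutive delivery failures and auto-disables after 5, as described above."""
    MAX_FAILURES = 5

    def __init__(self):
        self.failures = 0
        self.enabled = True

    def record_delivery(self, delivered: bool) -> bool:
        self.failures = 0 if delivered else self.failures + 1
        if self.failures >= self.MAX_FAILURES:
            self.enabled = False
        return self.enabled

if __name__ == "__main__":
    body = json.dumps(scan_diff(PREVIOUS, CURRENT), sort_keys=True).encode()
    sig = sign_payload(b"shared-webhook-secret", body)  # constructed secret
    print(body.decode(), verify_signature(b"shared-webhook-secret", body, sig))
```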
Remediation guidance and product options
middleBrick detects and reports with remediation guidance but does not fix, patch, block, or remediate issues directly. Use the Web Dashboard to review scan reports, download branded compliance PDFs, and track progress. The CLI allows on-demand scans with JSON or text output, and the GitHub Action can gate CI/CD based on score thresholds. The MCP Server enables scanning from AI coding assistants, and the API client supports custom integrations for programmatic workflows.