When a public breach is in the news

What middleBrick covers

  • Black-box API scanning under one minute with no agents
  • 12 OWASP API Top 10 categories including LLM security probes
  • OpenAPI 3.x and Swagger 2.0 spec parsing with runtime correlation
  • Credentialed scan support with strict header allowlist
  • Continuous monitoring and diff detection across scan history
  • CI/CD integration with build gating and compliance PDF export

Immediate priorities after a public breach disclosure

When a public breach hits, confirm whether your API surface was in scope before the story spreads. Use a black-box scanner that requires no agents or code access to quickly map what is exposed.

Run a credentialed scan within hours to validate authentication controls and identify risky endpoints that may have been overlooked during development. Prioritize findings by risk score to focus remediation on the most exploitable paths first.

What the scanner checks in under a minute

The scanner uses read-only methods (GET and HEAD) plus text-only POST for LLM probes, completing in under a minute. It checks 12 categories aligned to the OWASP API Top 10 2023, including authentication bypass, excessive data exposure, and injection surfaces.

  • Authentication and security header compliance
  • BOLA and IDOR via sequential and adjacent ID probing
  • BFLA and privilege escalation attempts
  • Property authorization and field over-exposure
  • Input validation, CORS misconfigurations, and debug endpoints
  • Rate limiting, oversized responses, and SSRF indicators
  • Data exposure patterns such as emails, card Luhn checks, and API key formats
  • Encryption posture including HTTPS redirects and HSTS
  • LLM adversarial probes across Quick, Standard, and Deep tiers

OpenAPI and runtime correlation

The tool parses OpenAPI 3.0, 3.1, and Swagger 2.0 with recursive $ref resolution. It cross-references the spec against runtime behavior to highlight undefined security schemes, deprecated operations, and missing pagination or rate limit definitions.

Correlating spec and runtime findings helps you distinguish expected deviations from unexpected exposure, reducing noise when you triage results under time pressure.

Authenticated scanning and safe execution

Authenticated scans support Bearer, API key, Basic auth, and cookies. Domain verification via DNS TXT or HTTP well-known file ensures only the domain owner can scan with credentials.

Header forwarding is limited to Authorization, X-API-Key, Cookie, and X-Custom-* to minimize side effects. The scanner uses read-only methods only and blocks private IPs, localhost, and cloud metadata endpoints at multiple layers.
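The two safeguards just described, a strict forwarded-header allowlist and a target check that refuses private, loopback, link-local and cloud metadata addresses, as an added illustration; this is example code written for this page, not middleBrick's own implementation, and the header names, the prefix rule and the metadata hostnames in the blocklist are assumptions modelled on the policy stated above.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist mirroring the policy described on the page: exact header
# names plus the X-Custom-* prefix; every other header is silently dropped.
ALLOWED_HEADERS = {"authorization", "x-api-key", "cookie"}
ALLOWED_PREFIX = "x-custom-"

# Constructed blocklist of well-known cloud metadata hostnames and addresses.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal",
                  "metadata", "fd00:ec2::254"}


def filter_headers(headers):
    """Keep only the credential headers the scanner is allowed to forward."""
    kept = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname in ALLOWED_HEADERS or lname.startswith(ALLOWED_PREFIX):
            kept[name] = value
    return kept


def is_safe_target(url):
    """Reject targets whose literal host is private, loopback, link-local,
    unspecified or a metadata endpoint. This is the first layer only: a real
    scanner must repeat the check on every resolved IP and every redirect hop
    (DNS rebinding and 30x redirects to 127.0.0.1 bypass a one-time check)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname or ""
    if host == "" or host == "localhost" or host.endswith(".localhost"):
        return False
    if host in METADATA_HOSTS:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a DNS name; its resolved IPs must be re-checked at connect time
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)
```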

Reporting, monitoring, and integrations for rapid response

The web dashboard centralizes scans, score trends, and branded compliance PDFs aligned to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10. Use the CLI with middlebrick scan <url> for JSON or text output in automated workflows.

Enable continuous monitoring on hourly to monthly schedules to receive diffs that highlight new or resolved findings. Configure email and Slack/Teams alerts, and integrate the GitHub Action as a CI/CD gate that fails the build when the score drops below your threshold.

Frequently Asked Questions

Can the scanner fix the issues it finds?
No. The tool detects and reports with remediation guidance. It does not patch, block, or remediate.
Does it perform active injection tests like SQLi or command injection?
No. It avoids intrusive payloads. For blind SSRF or business logic issues, combine scanner output with human-led testing.
How does it handle compliance frameworks?
It maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10. For other regulations, it surfaces findings relevant to audit evidence without claiming certification.
Is customer data used for model training?
No. Scan data is deletable on demand and purged within 30 days of cancellation. It is never sold or used for model training.