APIsec for Internal APIs
What middleBrick covers
- Black-box scanning that completes in under one minute
- Detection aligned to OWASP API Top 10, PCI-DSS 4.0, SOC 2 Type II
- OpenAPI 3.0/3.1/Swagger 2.0 parsing with recursive $ref resolution
- Authenticated scans with Bearer, API key, Basic auth, and Cookie
- Continuous monitoring with diff detection and HMAC-SHA256 webhooks
- Programmatic access via CLI, API, GitHub Action, and MCP server
Scanning internal APIs with black-box methodology
middleBrick is a self-service API security scanner designed for internal endpoints. You submit a target URL and receive a risk score from A to F along with prioritized findings. The scanner operates in black-box mode without agents, code access, or SDK integration. It supports any language, framework, or cloud environment and completes a scan in under a minute using read-only methods (GET and HEAD) plus text-only POST for LLM probes.
Detection coverage aligned to OWASP API Top 10 and related standards
middleBrick maps findings to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II controls. Detection categories include:
- Authentication bypass and JWT misconfigurations
- Broken object level authorization and IDOR
- Broken function level authorization and privilege escalation
- Property authorization and over-exposed fields
- Input validation issues such as CORS wildcard usage and dangerous HTTP methods
- Rate limiting and resource consumption indicators
- Data exposure, including PII patterns, API key formats, and error leakage
The scanner also analyzes encryption settings, SSRF indicators, inventory management problems, unsafe consumption surfaces, and LLM/AI security through multi-tier adversarial probes.
OpenAPI analysis and authenticated scanning details
middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 documents with recursive $ref resolution and cross-references spec definitions against runtime behavior to identify undefined security schemes, sensitive fields, deprecated operations, and missing pagination. For authenticated scans at the Starter tier and above, support includes Bearer, API key, Basic auth, and Cookie methods. Domain verification is enforced via DNS TXT record or HTTP well-known file so that only the domain owner can scan with credentials. The scanner forwards a restricted allowlist of headers, including Authorization, X-API-Key, Cookie, and X-Custom-*.
Continuous monitoring, integrations, and safety posture
Pro tier enables scheduled rescans every six hours, daily, weekly, or monthly, with diff detection to highlight new findings, resolved findings, and score drift. Alerts are delivered via email, rate-limited to one per hour per API, and HMAC-SHA256 signed webhooks are disabled automatically after five consecutive delivery failures. The product integrates with a web dashboard, a CLI distributed as an npm package, a GitHub Action for CI/CD gating, an MCP server for AI coding assistants, and a programmable API for custom integrations. Safety measures include restricting the scanner to read-only operations, blocking private IPs, localhost, and cloud metadata endpoints at multiple layers, and strict data handling: customer scan data is deletable on demand and purged within 30 days of cancellation.
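A receiver-side check for the HMAC-SHA256 signed webhooks described above, written here as an added example rather than middleBrick's own code. The header names, the `sha256=<hex>` encoding, and the timestamp binding are assumptions, since the page does not document the wire format; the payload is a constructed score-drift diff.

```python
"""Verify an HMAC-SHA256 signed webhook before acting on a scan diff.

Added example, not middleBrick's code. Header names, the "sha256=<hex>"
encoding and the timestamp-in-MAC scheme are assumptions.
"""
import hashlib
import hmac
import json
import time
from typing import Optional

SIGNATURE_HEADER = "X-Webhook-Signature"   # assumed header name
TIMESTAMP_HEADER = "X-Webhook-Timestamp"   # assumed header name
MAX_SKEW_SECONDS = 300                     # reject stale or replayed deliveries


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: MAC over "<timestamp>.<raw body>" so the timestamp is bound to the payload."""
    msg = str(timestamp).encode() + b"." + body
    return "sha256=" + hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes, now: Optional[int] = None) -> bool:
    """Receiver side: True only for a fresh delivery whose MAC matches the raw body."""
    now = int(time.time()) if now is None else now
    ts_raw = headers.get(TIMESTAMP_HEADER)
    sig = headers.get(SIGNATURE_HEADER)
    if ts_raw is None or sig is None or not ts_raw.isdigit():
        return False
    ts = int(ts_raw)
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = sign(secret, ts, body)
    # Constant-time comparison so a forger learns nothing from timing.
    return hmac.compare_digest(expected, sig)


# Constructed sample: a score-drift diff as a scanner might deliver it.
SECRET = b"constructed-shared-secret"
BODY = json.dumps({"api": "https://api.example.internal", "score": {"from": "B", "to": "D"},
                   "new_findings": 2, "resolved_findings": 0}).encode()
NOW = 1_700_000_000
HEADERS = {TIMESTAMP_HEADER: str(NOW), SIGNATURE_HEADER: sign(SECRET, NOW, BODY)}

if __name__ == "__main__":
    print("valid delivery accepted:", verify(SECRET, HEADERS, BODY, now=NOW))
    tampered = BODY.replace(b'"D"', b'"A"')  # attacker edits the score, MAC no longer matches
    print("tampered delivery accepted:", verify(SECRET, HEADERS, tampered, now=NOW))
```

Verify against the raw request bytes, not a re-serialized JSON object, since any re-encoding changes the MAC input.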
Limitations and appropriate usage expectations
middleBrick does not fix, patch, block, or remediate issues; it detects and reports them with remediation guidance. It does not perform active SQL injection or command injection testing, as those require intrusive payloads outside its scope. The scanner does not detect business logic vulnerabilities or blind SSRF that relies on out-of-band infrastructure, and it does not replace a human pentester for high-stakes audits. These limitations are documented so teams can position the tool within a broader security program.