Migrating from 42Crunch to middleBrick for GraphQL gateway audit

What middleBrick covers

  • Black-box API scanning with no agents or code access
  • Risk score A–F with prioritized findings
  • Detection aligned to OWASP API Top 10 (2023), PCI-DSS 4.0, SOC 2 Type II
  • GraphQL endpoint coverage including introspection and query analysis
  • Authenticated scans with Bearer, API key, Basic, and cookie support
  • Scheduled rescans and diff-based alerting for continuous monitoring

Current workflow with 42Crunch and its constraints

If you currently use 42Crunch for GraphQL gateway audit, your workflow likely depends on platform-managed scans, predefined rules, and outputs tied to the vendor environment. Reports are generated inside the platform, and exporting raw data for custom dashboards or compliance packaging can require additional steps. You may also rely on the platform to handle authentication and to validate gateway behavior, which can limit visibility into runtime configurations outside the vendor environment.

How middleBrick fits into the GraphQL gateway audit workflow

middleBrick functions as a self-service API security scanner that you point directly at your GraphQL endpoint. You submit a URL and, in under a minute, receive a risk score from A to F with prioritized findings. The scanner is black-box, requiring no agents, SDKs, or code access, so it works with any language, framework, or cloud setup. For GraphQL gateways, this means you can validate the public surface without instrumenting services or changing deployment pipelines; by the same token, anything the gateway does not expose over HTTP is outside what the scan can observe.

Detection coverage aligned to audit frameworks

middleBrick maps findings directly to three frameworks: PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For GraphQL gateway audit, the relevant detections include authentication bypass, excessive query depth or complexity that the gateway fails to limit, IDOR via sequential resource guessing, and sensitive data exposure in error responses or introspection results. For REST routes the gateway also exposes, the scanner parses OpenAPI 3.0, 3.1, and Swagger 2.0 specs with recursive $ref resolution and cross-references spec definitions against runtime behavior to highlight undefined security schemes or deprecated operations.
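The depth and complexity exposure mentioned above is something a gateway can check itself before a request reaches resolvers. What follows is an added example, not middleBrick's code or output: a standard-library Python scanner that measures nesting depth, field count and alias count of a query and reports which limits it exceeds. The thresholds, the sample queries and the helper names are illustrative; string literals and comments are blanked first so that braces hidden inside an argument (`name: "{{{{"`) cannot fool the counter, and inline fragments are counted as one extra level, a conservative overestimate for a gate.

```python
"""Depth, field and alias counting for a GraphQL query, the check a gateway can apply before
forwarding. Added example, not middleBrick's code: a hand-written scanner, standard library only.
Fragment definitions are measured as separate selection sets; named spreads are not expanded."""
import re
from collections import namedtuple

_NAME = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")
_WS = " \t\r\n,"  # commas are insignificant in GraphQL

# max_depth: deepest nesting; field_count: aliased copies count separately; alias_count: aliases
QueryCost = namedtuple("QueryCost", "max_depth field_count alias_count")


def _blank_strings_and_comments(q: str) -> str:
    """Replace string literals and # comments so braces inside them are not counted."""
    out, i, n = [], 0, len(q)
    while i < n:
        if q[i] == "#":
            i = q.find("\n", i)
            i = n if i == -1 else i
        elif q.startswith('"""', i):
            end = q.find('"""', i + 3)
            i = n if end == -1 else end + 3
            out.append('""')
        elif q[i] == '"':
            i += 1
            while i < n and q[i] != '"':
                i += 2 if q[i] == "\\" else 1
            i += 1
            out.append('""')
        else:
            out.append(q[i])
            i += 1
    return "".join(out)


def _skip_ws(s: str, i: int) -> int:
    while i < len(s) and s[i] in _WS:
        i += 1
    return i


def measure_query(query: str) -> QueryCost:
    src = _blank_strings_and_comments(query)
    depth = max_depth = fields = aliases = 0
    i, n = 0, len(src)
    while i < n:
        c = src[i]
        if c in _WS:
            i = _skip_ws(src, i)
        elif c == "{":
            depth += 1
            max_depth = max(max_depth, depth)
            i += 1
        elif c == "}":
            depth -= 1
            i += 1
        elif c == "(":  # arguments / variable definitions: skip to the matching ')'
            level = 0
            while i < n:
                level += (src[i] == "(") - (src[i] == ")")
                i += 1
                if level == 0:
                    break
        elif src.startswith("...", i):  # "...Name" spread or "... on Type" inline fragment
            i = _skip_ws(src, i + 3)
            m = _NAME.match(src, i)
            if m and m.group() == "on":  # skip the type condition; its brace adds a level
                m = _NAME.match(src, _skip_ws(src, m.end()))
            i = m.end() if m else i
        elif c == "@":  # directive name; its arguments are handled by the '(' branch
            m = _NAME.match(src, i + 1)
            i = m.end() if m else i + 1
        else:
            m = _NAME.match(src, i)
            if not m:
                raise ValueError(f"unexpected {c!r} at offset {i}")
            i = m.end()
            if depth == 0:  # operation keywords, operation names, fragment headers
                continue
            j = _skip_ws(src, i)
            if j < n and src[j] == ":":  # "alias: field"; the field itself follows
                aliases += 1
                i = j + 1
            else:
                fields += 1
    return QueryCost(max_depth, fields, aliases)


def limit_violations(query: str, max_depth=8, max_fields=200, max_aliases=20) -> list[str]:
    """Empty list means the query may be forwarded to the gateway."""
    c = measure_query(query)
    return [msg for cond, msg in (
        (c.max_depth > max_depth, f"depth {c.max_depth} > {max_depth}"),
        (c.field_count > max_fields, f"fields {c.field_count} > {max_fields}"),
        (c.alias_count > max_aliases, f"aliases {c.alias_count} > {max_aliases}"),
    ) if cond]


# Constructed sample queries: one ordinary lookup, one alias-batched deep traversal.
SAFE_QUERY = """
query GetUser($id: ID!) {
  user(id: $id) {   # a comment containing a brace: {
    id
    name
    ... on Admin { permissions }
  }
}
"""
DEEP_QUERY = """{
  a1: user(id: "1") { friends { friends { friends { friends { friends { id } } } } } }
  a2: user(id: "2") { id }
}"""

if __name__ == "__main__":
    for label, q in (("safe", SAFE_QUERY), ("deep", DEEP_QUERY)):
        print(label, measure_query(q), limit_violations(q, max_depth=5))
```

Running the block prints the cost of each sample and, with a depth limit of 5, rejects only the deep one. Real gateways usually weight fields by cost rather than counting them equally, but the same scanning approach applies.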

Authenticated scanning and domain verification for gateways

With the Starter tier and above, you can run authenticated scans against GraphQL endpoints using Bearer tokens, API keys, Basic auth, or cookies. Before a credentialed scan runs, a domain verification gate (a DNS TXT record or an HTTP well-known file) ensures that only the domain owner can submit credentials for that host. The scanner forwards only a strict allowlist of headers (Authorization, X-API-Key, Cookie, and X-Custom-*), so the credentials you supply reach only the verified target and unrelated headers are never forwarded.
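As an added illustration, not middleBrick's implementation, the following Python shows the two controls in that order: a domain-verification check that accepts either a DNS TXT record or a well-known file, and a header filter that applies the allowlist above with prefix matching for X-Custom-*. The record name `_scanner-verify`, the path `/.well-known/scanner-verify.txt` and the exact-host verification rule are assumptions; the DNS and HTTP lookups are injected as functions so the check runs offline against constructed fixtures.

```python
"""Domain-verification gate and header allowlist ahead of an authenticated scan.
Added example, not middleBrick's code. The TXT record name, the well-known path and the
per-host verification rule are assumptions; lookups are injected so it runs offline."""
import hmac
import secrets
from fnmatch import fnmatchcase
from typing import Callable, Iterable, Mapping, Optional
from urllib.parse import urlsplit

# Request headers the scanner forwards to the target; everything else is dropped.
FORWARDED_HEADERS = ("Authorization", "X-API-Key", "Cookie", "X-Custom-*")
TXT_RECORD_PREFIX = "_scanner-verify"                # assumed record name
WELL_KNOWN_PATH = "/.well-known/scanner-verify.txt"  # assumed file path


def new_verification_token() -> str:
    """Unguessable token the domain owner publishes in DNS or at the well-known URL."""
    return secrets.token_hex(16)


def filter_headers(headers: Mapping[str, str]) -> dict[str, str]:
    """Keep only allowlisted headers; names match case-insensitively, X-Custom-* by prefix."""
    return {name: value for name, value in headers.items()
            if any(fnmatchcase(name.lower(), p.lower()) for p in FORWARDED_HEADERS)}


def verify_domain(domain: str, token: str,
                  dns_txt: Callable[[str], Iterable[str]],
                  http_get: Callable[[str], Optional[str]]) -> bool:
    """True when the TXT record or the well-known file carries the expected token.

    dns_txt(name) returns the TXT strings for a name (wrap dnspython in production);
    http_get(url) returns the body, or None on failure (wrap requests). Comparisons are
    constant-time so a hostile responder cannot probe the token byte by byte.
    """
    expected = token.encode()
    for txt in dns_txt(f"{TXT_RECORD_PREFIX}.{domain}"):
        if hmac.compare_digest(txt.strip().encode(), expected):
            return True
    body = http_get(f"https://{domain}{WELL_KNOWN_PATH}")
    for line in (body or "").splitlines():
        if hmac.compare_digest(line.strip().encode(), expected):
            return True
    return False


def prepare_authenticated_scan(target_url: str, headers: Mapping[str, str],
                               verified_hosts: set[str]) -> dict[str, str]:
    """Headers to send with the scan, or PermissionError if the host is not verified.

    Verification is per exact host here (an assumption); a product may let a verified
    apex domain cover its subdomains.
    """
    host = (urlsplit(target_url).hostname or "").lower()
    if host not in verified_hosts:
        raise PermissionError(f"{host} is not verified; refusing to send credentials")
    return filter_headers(headers)


# Constructed fixtures standing in for real DNS and HTTP lookups.
TOKEN = "0123456789abcdef0123456789abcdef"


def _fake_dns(name: str) -> list[str]:
    records = {f"{TXT_RECORD_PREFIX}.api.example.com": ["some-other-record", TOKEN]}
    return records.get(name, [])


def _fake_http(url: str) -> Optional[str]:
    return TOKEN + "\n" if url == f"https://shop.example.com{WELL_KNOWN_PATH}" else None


if __name__ == "__main__":
    for host in ("api.example.com", "shop.example.com", "evil.example.net"):
        print(host, verify_domain(host, TOKEN, _fake_dns, _fake_http))
    print(prepare_authenticated_scan("https://api.example.com/graphql",
                                     {"Authorization": "Bearer t", "X-Forwarded-For": "10.0.0.1"},
                                     {"api.example.com"}))
```

The order matters: credentials are filtered and attached only after the host has passed verification, so a user who controls a scanner account but not the target domain cannot point someone else's session cookie at a third-party host.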

LLM and AI security probing for modern gateway threats

The scanner includes LLM / AI Security coverage with 18 adversarial probes across Quick, Standard, and Deep tiers. These probes target system prompt extraction, instruction override, DAN and roleplay jailbreaks, data exfiltration, token smuggling, and nested instruction injection specific to AI-assisted gateway components. Because these tests are read-only, they avoid destructive payloads while exposing prompt injection and model manipulation risks in gateway implementations.

Reporting, monitoring, and migration considerations

Findings are delivered through the Web Dashboard, where you can track score trends, download branded compliance PDFs, and manage remediation. For ongoing GraphQL gateway audit, Pro tier adds scheduled rescans every 6 hours, daily, weekly, or monthly, with diff detection for new findings, resolved items, and score drift. Email alerts are rate-limited to one per hour per API, and HMAC-SHA256 signed webhooks support automated workflows; data is deletable on demand and never used for model training.
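Before a pipeline acts on a rescan diff delivered by webhook, it should verify the HMAC-SHA256 signature and reject stale deliveries. The following is an added example, not middleBrick's code: the header names, the `timestamp.body` signing string and the event JSON layout are assumptions chosen for illustration, so substitute whatever the product's webhook documentation specifies. The secret, body and headers at the bottom are constructed so the block runs offline.

```python
"""Verify an HMAC-SHA256 signed webhook before acting on a rescan diff.
Added example, not middleBrick's code. Header names, the signing string and the event
layout are assumptions; replace them with the values from the webhook documentation."""
import hashlib
import hmac
import json
import time
from typing import Mapping, Optional

SIG_HEADER = "X-Webhook-Signature"  # assumed header name
TS_HEADER = "X-Webhook-Timestamp"   # assumed header name
MAX_SKEW_SECONDS = 300              # reject replays of old deliveries


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: HMAC over the timestamp and the exact body bytes."""
    mac = hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()


def verify(secret: bytes, headers: Mapping[str, str], body: bytes,
           now: Optional[int] = None) -> bool:
    """Receiver side: constant-time comparison plus a timestamp window against replay.

    `body` must be the raw bytes as received; re-serialising parsed JSON changes key
    order and whitespace and breaks the MAC.
    """
    sig = headers.get(SIG_HEADER)
    ts = headers.get(TS_HEADER)
    if not sig or not ts or not ts.isdigit():
        return False
    now = int(time.time()) if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False
    return hmac.compare_digest(sign(secret, int(ts), body), sig)


def handle_delivery(secret: bytes, headers: Mapping[str, str], body: bytes,
                    now: Optional[int] = None) -> Optional[dict]:
    """Return a summary of the diff event if authentic, else None (the caller answers 401)."""
    if not verify(secret, headers, body, now):
        return None
    event = json.loads(body)
    # Assumed event layout: API URL, before/after letter grades, new and resolved findings.
    # Grades are A..F, so a plain string comparison tells whether the score got worse.
    return {
        "api": event["api"],
        "score": f'{event["score_before"]} -> {event["score_after"]}',
        "new": [f["title"] for f in event.get("new_findings", [])],
        "resolved": [f["title"] for f in event.get("resolved_findings", [])],
        "needs_attention": event["score_after"] > event["score_before"]
                           or bool(event.get("new_findings")),
    }


# Constructed delivery: a secret, an event body, and the headers a sender would attach.
SECRET = b"whsec_example_do_not_reuse"
BODY = json.dumps({
    "api": "https://api.example.com/graphql",
    "score_before": "B", "score_after": "D",
    "new_findings": [{"title": "Introspection enabled in production"}],
    "resolved_findings": [],
}, separators=(",", ":")).encode()
SENT_AT = 1_700_000_000
HEADERS = {TS_HEADER: str(SENT_AT), SIG_HEADER: sign(SECRET, SENT_AT, BODY)}

if __name__ == "__main__":
    print(handle_delivery(SECRET, HEADERS, BODY, now=SENT_AT + 5))
    print(handle_delivery(SECRET, HEADERS, BODY.replace(b'"D"', b'"A"'), now=SENT_AT + 5))
```

Two failure modes are covered: a body edited in transit (the MAC no longer matches) and a captured delivery replayed later (outside the timestamp window). Verification happens before `json.loads`, so an unauthenticated sender never reaches the parser.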

Frequently Asked Questions

Can I import my 42Crunch scan results into middleBrick for comparison?
middleBrick does not currently provide an import for 42Crunch scan artifacts. You can compare findings by running the same endpoint in middleBrick and contrasting the risk scores and listed detections manually.
Does authenticated scanning against GraphQL require special configuration?
Authenticated scanning supports Bearer, API key, Basic auth, and cookies. You must pass these credentials with each scan request, and the domain must be verified via DNS TXT record or an HTTP well-known file.
How does middleBrick handle GraphQL introspection in scans?
The scanner treats introspection queries like any other request. It analyzes responses for sensitive field exposure, PII patterns, and over-permissive schema access as part of the standard detection set.
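
Added example, not middleBrick's detection logic: a Python audit of an introspection result that reports whether introspection is enabled and flags fields whose names suggest secrets or PII, plus destructive-sounding mutations on the schema's mutation type. The introspection query is the standard one; the sample response, the name patterns and the severities are constructed for illustration.

```python
"""Flag sensitive fields and destructive operations in a GraphQL introspection result.
Added example, not middleBrick's code; patterns, severities and the sample response are
constructed for illustration."""
import re

SECRET_FIELD = re.compile(r"password|passwd|secret|token|ssn|social_?security|card_?number|cvv"
                          r"|api_?key|private_?key", re.I)
PII_FIELD = re.compile(r"email|phone|birth|dob|address|salary|passport", re.I)
DESTRUCTIVE_OP = re.compile(r"^(delete|remove|drop|purge|reset|impersonate|disable)", re.I)

# Standard introspection request a scanner sends first; production gateways often refuse it.
INTROSPECTION_QUERY = """
query Introspect {
  __schema {
    queryType { name } mutationType { name }
    types { name kind fields { name type { name kind ofType { name kind } } } }
  }
}
"""


def introspection_enabled(response: dict) -> bool:
    """True when the server answered with a schema instead of an error."""
    data = response.get("data") or {}
    return data.get("__schema") is not None


def _type_name(t: dict) -> str:
    """Unwrap NON_NULL / LIST wrappers down to the named type."""
    while t and t.get("name") is None and t.get("ofType"):
        t = t["ofType"]
    return (t or {}).get("name") or "?"


def audit_schema(response: dict) -> list[dict]:
    """Findings for fields whose names suggest secrets, PII, or destructive operations."""
    schema = response["data"]["__schema"]
    mutation_type = (schema.get("mutationType") or {}).get("name")
    findings = []
    for t in schema["types"]:
        if t["name"].startswith("__") or t["kind"] != "OBJECT":
            continue  # skip introspection meta-types, scalars, enums and input types
        for f in t.get("fields") or []:
            path, ret = f"{t['name']}.{f['name']}", _type_name(f.get("type"))
            if t["name"] == mutation_type:
                if DESTRUCTIVE_OP.match(f["name"]):
                    findings.append({"path": path, "severity": "info",
                                     "reason": f"destructive mutation returning {ret}; confirm it requires auth"})
            elif SECRET_FIELD.search(f["name"]):
                findings.append({"path": path, "severity": "high",
                                 "reason": f"secret-like field of type {ret} exposed in schema"})
            elif PII_FIELD.search(f["name"]):
                findings.append({"path": path, "severity": "medium",
                                 "reason": f"PII field of type {ret} exposed in schema"})
    return findings


def severity_counts(findings: list[dict]) -> dict:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


# Constructed introspection response, shaped like a real one but for a toy schema.
SAMPLE_RESPONSE = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "types": [
        {"name": "Query", "kind": "OBJECT", "fields": [
            {"name": "user", "type": {"name": "User", "kind": "OBJECT", "ofType": None}},
            {"name": "users", "type": {"name": None, "kind": "LIST",
                                       "ofType": {"name": "User", "kind": "OBJECT"}}}]},
        {"name": "User", "kind": "OBJECT", "fields": [
            {"name": "id", "type": {"name": None, "kind": "NON_NULL",
                                    "ofType": {"name": "ID", "kind": "SCALAR"}}},
            {"name": "email", "type": {"name": "String", "kind": "SCALAR", "ofType": None}},
            {"name": "passwordHash", "type": {"name": "String", "kind": "SCALAR", "ofType": None}},
            {"name": "ssn", "type": {"name": "String", "kind": "SCALAR", "ofType": None}}]},
        {"name": "Mutation", "kind": "OBJECT", "fields": [
            {"name": "deleteUser", "type": {"name": "Boolean", "kind": "SCALAR", "ofType": None}},
            {"name": "updateProfile", "type": {"name": "User", "kind": "OBJECT", "ofType": None}}]},
        {"name": "String", "kind": "SCALAR", "fields": None},
        {"name": "__Schema", "kind": "OBJECT", "fields": []},
    ]}}}
DISABLED_RESPONSE = {"errors": [{"message": "GraphQL introspection is not allowed"}], "data": None}

if __name__ == "__main__":
    if introspection_enabled(SAMPLE_RESPONSE):
        for finding in audit_schema(SAMPLE_RESPONSE):
            print(finding["severity"], finding["path"], finding["reason"])
    print("disabled response enabled?", introspection_enabled(DISABLED_RESPONSE))
```

A schema-only audit shows what the gateway admits to exposing; whether `User.passwordHash` is actually returned to an unprivileged caller still has to be confirmed by querying it, which is what the authenticated scan does.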
Can I integrate middleBrick into my CI pipeline for GraphQL gateway checks?
Yes. Use the CLI (`middlebrick scan`) with JSON output or the GitHub Action to gate builds on a score threshold. The MCP Server also allows AI-assisted scanning from development tools.
What happens to my scan data if I cancel the service?
Customer scan data is deletable on demand and is purged within 30 days of cancellation. The data is not sold and is not used for model training.