Migrating from 42Crunch to middleBrick for Internal microservice audit
What middleBrick covers
- Black-box scanning without agents or code access
- Risk scoring A–F with prioritized findings
- Detection aligned to OWASP API Top 10 (2023)
- Authenticated scans with strict header allowlists
- CI/CD integration via CLI and GitHub Action
- Continuous monitoring and signed webhooks
Current workflow and limitations with 42Crunch
Internal microservice audits with 42Crunch often rely on agent-based instrumentation or tight coupling to specific frameworks. This can require changes to deployment pipelines, SDK adoption, and ongoing maintenance of instrumentation across languages. Because analysis is tied to agents, the scan surface is limited to what the agents can see, and findings may not map cleanly to the broader API surface that external traffic exercises. In addition, some platforms place restrictions on what can be injected or observed, which can block scans entirely or produce incomplete results.
How middleBrick changes the internal audit approach
middleBrick is a black-box API security scanner that removes the need for agents, SDKs, or code access. You submit a URL and receive a risk score from A to F with prioritized findings in under a minute. The scanner uses read-only methods (GET and HEAD) plus text-only POST for LLM probes, so it operates without modifying your services. This makes it well suited for auditing internal microservice APIs as they exist in production, without requiring changes to build pipelines or runtime behavior. It supports any language, framework, or cloud environment, and it exposes findings aligned to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II controls.
Coverage relevant to internal microservice audit scenarios
For internal microservice audits, focus on what can be observed externally and where authorization boundaries matter. middleBrick detects authentication bypasses, JWT misconfigurations such as alg=none or HS256 with weak secrets, and security header issues. It probes for BOLA and IDOR via sequential ID patterns and active adjacent-ID checks, tests for BFLA and privilege escalation through admin endpoint discovery, and identifies property authorization problems like over-exposure of internal fields. Input validation checks include CORS wildcard usage with credentials, dangerous HTTP methods, and debug endpoints. The scanner also flags data exposure risks such as PII patterns, API key formats (for example AWS and GitHub styles), and error or stack-trace leakage. Server-side risks like SSRF targeting URL-accepting parameters and body fields are assessed with active probes for internal IP and private network bypass attempts. Additional coverage includes unsafe consumption surfaces, missing versioning, legacy path patterns, and LLM/AI security probes across tiered scan depths.
Authenticated scanning and domain ownership verification
When you need to exercise authenticated paths, middleBrick supports Bearer, API key, Basic auth, and Cookie authentication in Starter tier and above. Before credentials are accepted, a domain verification gate confirms ownership through DNS TXT records or an HTTP well-known file, ensuring only the domain owner can submit authenticated scans. The scanner forwards a strict header allowlist limited to Authorization, X-API-Key, Cookie, and X-Custom-* headers. This approach lets you validate internal microservice behaviors behind auth while preserving a controlled and auditable surface. Note that middleBrick is a scanner and does not fix, patch, block, or remediate; it reports findings with remediation guidance.
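The two controls described above, the domain verification gate and the strict header allowlist, are shown below as an added, self-contained example; this is not middleBrick's own code. The allowlist (Authorization, X-API-Key, Cookie, X-Custom-*) is the one the page states; the DNS TXT record value, the well-known file contents and the token format are assumptions made for the example, and the DNS and HTTP lookups are replaced by constructed inputs so it runs offline.

```python
import re
from typing import Dict, List, Optional, Tuple

# Allowlist as stated on the page: only these header names (case-insensitive)
# plus the X-Custom-* family are forwarded to the target; everything else,
# e.g. X-Forwarded-For or Host overrides, is dropped before the scan.
ALLOWED_HEADERS = frozenset({"authorization", "x-api-key", "cookie"})
ALLOWED_PREFIX = "x-custom-"

# Assumed token format for the verification challenge (not a documented value).
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")


def filter_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Return only the headers the allowlist permits, preserving original casing."""
    kept: Dict[str, str] = {}
    for name, value in headers.items():
        lname = name.strip().lower()
        if lname in ALLOWED_HEADERS or lname.startswith(ALLOWED_PREFIX):
            kept[name] = value
    return kept


def domain_verified(expected_token: str,
                    txt_records: List[str],
                    well_known_body: Optional[str]) -> bool:
    """Ownership is proven if the challenge token appears in a DNS TXT record
    or as the body of the HTTP well-known file (both inputs are supplied by
    the caller here; a real gate would resolve DNS and fetch the file)."""
    if not TOKEN_RE.match(expected_token):
        return False
    # DNS TXT values are often returned quoted; strip one layer of quotes.
    if any(r.strip().strip('"') == expected_token for r in txt_records):
        return True
    if well_known_body is not None and well_known_body.strip() == expected_token:
        return True
    return False


def prepare_authenticated_scan(expected_token: str,
                               txt_records: List[str],
                               well_known_body: Optional[str],
                               submitted_headers: Dict[str, str]) -> Tuple[bool, Dict[str, str]]:
    """Gate order matters: credentials are discarded unless ownership is proven,
    so unverified submitters never get their headers replayed against a target."""
    if not domain_verified(expected_token, txt_records, well_known_body):
        return False, {}
    return True, filter_headers(submitted_headers)


if __name__ == "__main__":
    # Constructed sample inputs.
    token = "constructed-challenge-token-0123"
    ok, forwarded = prepare_authenticated_scan(
        token,
        ['"constructed-challenge-token-0123"', "v=spf1 -all"],
        None,
        {"Authorization": "Bearer example", "X-Forwarded-For": "10.0.0.1",
         "X-Custom-Tenant": "acme", "Cookie": "session=abc"},
    )
    print(ok, forwarded)
```

The gate returns an empty header set whenever verification fails, so the scanner never holds credentials for a domain the submitter does not control.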
Reporting, monitoring, and migration outcomes
The Web Dashboard centralizes scans, score trends, and downloadable compliance PDFs, making it easier to communicate risk to stakeholders. For CI/CD integration, the CLI (middlebrick scan <url>) can be used locally or in pipelines, and the GitHub Action can fail builds when scores drop below a defined threshold. The MCP Server allows scans from AI coding assistants such as Claude and Cursor. Continuous monitoring (Pro tier) provides scheduled rescans, diff detection for new or resolved findings, score drift tracking, and rate-limited email alerts. Signed webhooks help automate responses, with auto-disable after five consecutive failures. Data handling is strict: customer scan data is deletable on demand, purged within 30 days of cancellation, and never sold or used for model training.
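The signed-webhook flow with auto-disable after five consecutive failures, as an added example that is not middleBrick's own code. The page only says webhooks are signed and disabled after five consecutive failures; the signing scheme (HMAC-SHA256 over the raw body, hex-encoded in an X-Webhook-Signature header) and the header name are assumptions for this example, and the HTTP transport is a constructed callable so it runs offline. Both the sender's delivery logic and the receiver's verification are shown.

```python
import hashlib
import hmac
import json
from typing import Callable, Dict

# Assumed scheme: the header name and algorithm are not documented on the page.
SIGNATURE_HEADER = "X-Webhook-Signature"
MAX_CONSECUTIVE_FAILURES = 5  # stated on the page


def sign_body(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the exact bytes that are transmitted."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, body: bytes, headers: Dict[str, str]) -> bool:
    """Receiver side: recompute over the raw body and compare in constant time.
    Verify before parsing JSON so unauthenticated payloads never reach the parser."""
    provided = headers.get(SIGNATURE_HEADER, "")
    return hmac.compare_digest(sign_body(secret, body), provided)


class WebhookEndpoint:
    """Per-subscriber delivery state; a success resets the failure streak."""

    def __init__(self, url: str) -> None:
        self.url = url
        self.enabled = True
        self.consecutive_failures = 0

    def record(self, delivered: bool) -> None:
        if delivered:
            self.consecutive_failures = 0
            return
        self.consecutive_failures += 1
        if self.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
            self.enabled = False


# transport(url, body, headers) -> HTTP status code; a stand-in for a real client.
Transport = Callable[[str, bytes, Dict[str, str]], int]


def deliver(endpoint: WebhookEndpoint, secret: bytes, event: dict, transport: Transport) -> bool:
    """Sender side: serialize once, sign those bytes, send, and track the outcome."""
    if not endpoint.enabled:
        return False
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    headers = {"Content-Type": "application/json", SIGNATURE_HEADER: sign_body(secret, body)}
    try:
        status = transport(endpoint.url, body, headers)
    except Exception:  # network errors count as failed deliveries
        status = 0
    delivered = 200 <= status < 300
    endpoint.record(delivered)
    return delivered


if __name__ == "__main__":
    # Constructed sample: receiver accepts only correctly signed bodies.
    secret = b"constructed-shared-secret"
    received = []

    def receiver(url: str, body: bytes, headers: Dict[str, str]) -> int:
        if not verify_webhook(secret, body, headers):
            return 401
        received.append(json.loads(body))
        return 200

    ep = WebhookEndpoint("https://receiver.example/hook")
    print(deliver(ep, secret, {"scan": "constructed", "score": "B"}, receiver), received)
```

Tampering with a single byte of the body invalidates the signature, and a subscriber whose endpoint keeps returning errors is switched off after the fifth consecutive failure instead of being retried indefinitely.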