Migrating from 42Crunch to middleBrick for Microservice mesh boundary audit

What middleBrick covers

  • Black-box scanning with no agents or SDKs required
  • Completes scans in under a minute per endpoint
  • Covers 12 categories aligned to OWASP API Top 10
  • OpenAPI 3.x and Swagger 2.0 contract validation
  • LLM adversarial security probes across multiple tiers
  • CI/CD integration via GitHub Action and CLI

Assessment scope and constraints for mesh boundary scans

When you audit the service mesh boundary, you are verifying what is observable from outside the cluster. middleBrick is a black-box scanner that submits only read-only methods (GET and HEAD) plus text-only POST for LLM probes. It does not require agents, SDKs, or code access, and it completes in under a minute per endpoint. The tool maps findings to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II to help you evaluate controls relevant to external exposure.

Authentication, authorization, and header handling at the mesh edge

Scan coverage includes authentication bypass attempts, JWT misconfigurations such as alg=none or HS256 without proper validation, and incorrect WWW-Authenticate headers. Authorization checks test for BOLA and BFLA, inspecting ID enumeration via sequential IDs and privilege escalation via admin endpoint probing. Scans verify security headers, rate-limit headers, and cookie flags, and they support Bearer, API key, Basic auth, and Cookie authentication. For authenticated scans, domain verification is enforced through DNS TXT records or an HTTP well-known file, and only a limited allowlist of headers is forwarded.
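
What "proper validation" means on the service side for the alg=none and HS256 findings above, as an added example that is not middleBrick's code or part of the original page. The function names, the constructed test key and the sample tokens are assumptions, and expiry and audience checks are left out.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"HS256"}  # pinned server-side; never chosen by the token

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, key):
    """Build a constructed sample token; the signature is empty unless alg is HS256."""
    enc = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
           for p in (header, claims)]
    signing_input = ".".join(enc)
    sig = b""
    if header.get("alg") == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_jwt(token, key):
    """Return the claims of a correctly signed token, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    # base64 and JSON decode errors are ValueError subclasses
    header = json.loads(b64url_decode(parts[0]))
    sig = b64url_decode(parts[2])
    alg = header.get("alg") if isinstance(header, dict) else None
    # Reject alg=none and anything else outside the pinned allowlist
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))
```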

Input validation, data exposure, and SSRF considerations

The scanner checks for CORS wildcard usage with and without credentials, dangerous HTTP methods, and debug endpoints that should not be exposed. Data exposure findings cover PII patterns such as email addresses, Luhn-validated card numbers, and context-aware SSN values, as well as API key formats for AWS, Stripe, GitHub, and Slack. SSRF probes target URL-accepting parameters and body fields, looking for internal IP references and potential bypass attempts. Note that active SQL injection or command injection testing is outside scope, as these require intrusive payloads the tool does not send.
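
How Luhn validation separates real card numbers from other long digit strings in a response body, as an added example that is not middleBrick's detection logic. The regular expressions, function names and the constructed sample body are assumptions; SSN and API key patterns are not covered.

```python
import re

# 13 to 19 digits, optionally separated by spaces or hyphens
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample response body: the order id has 16 digits but fails Luhn
SAMPLE_BODY = ('{"order_id": "1234567812345678", "contact": "alice@example.com", '
               '"card": "4111 1111 1111 1111", "ts": 1700000000}')

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_exposed_data(body):
    """Return (kind, value) findings; card numbers are masked before reporting."""
    findings = []
    for m in CARD_CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            findings.append(("card_number", masked))
    for m in EMAIL.finditer(body):
        findings.append(("email", m.group()))
    return findings

if __name__ == "__main__":
    for kind, value in find_exposed_data(SAMPLE_BODY):
        print(kind, value)
```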

OpenAPI contract validation and runtime alignment

middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 documents with recursive $ref resolution. It cross-references the spec against runtime behavior to highlight undefined security schemes, sensitive fields in responses, deprecated operations, and missing pagination. This alignment helps surface findings relevant to audit evidence for controls aligned with PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). It does not guarantee compliance, but it supports your audit preparation by exposing deviations between specification and implementation.
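
A check for the "undefined security schemes" class of deviation, as an added example that is not middleBrick's parser. It assumes the document is already loaded into a dict with $ref entries resolved; the function name and the constructed sample spec are hypothetical.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample spec: one inherited, one undefined, one explicitly open operation
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/orders/{id}": {"get": {"responses": {}}},
        "/admin/users": {"get": {"security": [{"adminKey": []}], "responses": {}}},
        "/health": {"get": {"security": [], "responses": {}}},
    },
}

def audit_security(spec):
    """Return (METHOD, path, issue) for operations with missing or undefined security."""
    defined = set(spec.get("components", {}).get("securitySchemes", {}))  # OpenAPI 3.x
    defined |= set(spec.get("securityDefinitions", {}))                   # Swagger 2.0
    global_req = spec.get("security")
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as 'parameters' are not operations
            # An operation-level 'security' (even an empty list) overrides the global one
            reqs = op.get("security", global_req)
            if not reqs:
                findings.append((method.upper(), path, "no security requirement"))
                continue
            for req in reqs:
                for name in req:
                    if name not in defined:
                        findings.append((method.upper(), path,
                                         "undefined scheme '%s'" % name))
    return findings

if __name__ == "__main__":
    for finding in audit_security(SAMPLE_SPEC):
        print(*finding)
```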

LLM security testing and monitoring capabilities

The scanner includes LLM / AI Security testing with 18 adversarial probes across Quick, Standard, and Deep tiers. These probes cover system prompt extraction, instruction override, DAN and roleplay jailbreaks, data exfiltration attempts, cost exploitation, encoding bypasses, prompt injection variants, and token smuggling. For ongoing protection, the Pro tier provides scheduled rescans every 6 hours, daily, weekly, or monthly, with diff detection for new and resolved findings. You receive email alerts at a rate-limited cadence and HMAC-SHA256 signed webhooks that auto-disable after repeated failures.

Operational impact and required workflow changes

Integrating middleBrick into your mesh audit workflow does not require code changes or new SDKs, but it does require ownership of the domain used for scanning. You can use the CLI with middlebrick scan <url> to produce JSON or text output, or adopt the GitHub Action to gate CI/CD when scores drop below your threshold. The dashboard centralizes reports and score trends, and it lets you download branded compliance PDFs aligned with PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). Note that the tool surfaces findings and provides remediation guidance; it does not fix, patch, or block issues, and it does not replace a human pentester for high-stakes audits.

Frequently Asked Questions

Does middleBrick perform active injection tests like SQL injection?
No. The scanner uses read-only methods and does not send destructive payloads. SQL injection and command injection testing are outside scope.

Can I authenticate my scans with tokens or certificates?
Authentication options include Bearer tokens, API keys, Basic auth, and cookies. Domain verification through DNS or a well-known file is required for authenticated scans.

How does continuous monitoring handle sensitive scan data?
Scan data can be deleted on demand and is purged within 30 days of cancellation. Data is never sold and is not used for model training.

Does the scanner detect business logic flaws?
Business logic vulnerabilities require human expertise tied to your domain. The tool surfaces related findings but does not detect these issues automatically.