middleBrick
Scan your APIs for prompt injection and run 12 security checks in less than a minute; MCP, CLI and GitHub Action ready for CI/CD integration.
Cost / License
- Freemium (Subscription)
- Proprietary
Platforms
- Online
- Software as a Service (SaaS)
Izval added middleBrick as alternative to Burp Suite, Zed Attack Proxy (ZAP), Invicti (Netsparker) and Astra Pentest
middleBrick information
What is middleBrick?
middleBrick scans your APIs and assigns a quantified security risk score. No agents to install, no SDKs, no credentials required. Paste a URL, get a security score with actionable findings in under 60 seconds.
The engine runs 12 parallel security checks covering the OWASP API Top 10: authentication bypass, IDOR, BOLA, BFLA, SSRF, data exposure, rate limiting bypass, mass assignment, and more. For AI/LLM endpoints, 18 adversarial probes test for prompt injection, jailbreaks, system prompt extraction, encoding bypasses, PII exfiltration, and cost exploitation attacks.
Supports REST, GraphQL, and AI/LLM APIs across 30+ frameworks (FastAPI, Express, Spring Boot, Django, NestJS, Rails, Laravel, and more) and 15+ LLM providers (OpenAI, Anthropic, Gemini, Mistral, AWS Bedrock, Azure OpenAI).
All scanning is read-only. No destructive payloads, no state changes. Authenticated scanning requires verified domain ownership via DNS or HTTP, so only API owners can scan with credentials.
Available as a web dashboard, CLI, GitHub Action for CI/CD gates, and MCP Server. Compliance reporting for GDPR, PCI-DSS, HIPAA, SOC 2, ISO 27001, and NIST.
Free tier includes 3 scans per month. Paid plans start at $99/mo.