# Security Testing Overview {% hint style="success" %} ๐Ÿ”ฅ Pynt's API Security Testing is fully available for **Business plan users**, and limited for **Starter plan users** (up to 10 API endpoints) ๐Ÿ†“. {% endhint %} ## How Does Pynt Work? Pynt leverages an **integrated shift-left approach** and **unique hack technology** using home-grown attack scenarios to: * Detect real vulnerabilities ๐Ÿ” * Discover APIs ๐Ÿ“š * Suggest fixes for verified vulnerabilities ๐Ÿ› ๏ธ {% hint style="info" %} Pynt acts like a hacker: It deeply analyses normal API traffic to build a model and then generates simulated attacks, verifies if the attack succeeds, and determines whether your API is vulnerable. {% endhint %} *** ## Why Use Your Functional Tests? Unlike other platforms (e.g., fuzzing), Pynt uses traffic from your functional tests to create real attack scenarios. This approach allows Pynt to: * Perform tests with **no configuration**, running in minutes โšก. * Provide an **accurate overview of vulnerabilities** with **near-zero false positives** ๐ŸŽฏ. * Leverage functional tests for **maximum API coverage**, as tests evolve with your APIs ๐Ÿ”„.

Pynt's testing flow

## Getting Started {% hint style="info" %} ๐Ÿ”— **Get started with Pyntโ€™s API Security Testing**: Pyntโ€™s security engine goes beyond conventional measures, leveraging your existing API functional tests for proactive testing. {% endhint %} #### To get started quickly with Pynt, we recommend the following steps: 1. **Follow the** [**Prerequisites** ](https://docs.pynt.io/documentation/api-security-testing/prerequisites-for-running-pynt-scans)๐Ÿ“‹ 2. **Run a single scan** - start directly from [here](https://www.pynt.io) or choose from the supported integrations [below](#available-integrations)๐Ÿ” 3. **Integrate Pynt with your** [**CI/CD pipeline**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd) for continuous coverage ๐Ÿ”„ *** ### Available integrations Pynt leverages a sophisticated context-aware security engine that goes beyond conventional measures. By leveraging your existing tools and functional tests, it conducts proactive API security tests directly from your local machine: * Get started with [**API testing tools**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-with-api-testing-tools) ๐Ÿ› ๏ธ * Get started with [**API testing CLIs**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-with-api-testing-clis) ๐Ÿ–ฅ๏ธ * Get started with [**API testing frameworks**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-with-testing-frameworks) โš™๏ธ * Get started with [**Burp Suite**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-with-burp-suite) ๐Ÿ” * Get started with [**Browser testing**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-with-browsers) ๐ŸŒ *** ### Integrate API Security Testing Into Your CI/CD {% hint style="success" %} ๐Ÿ” **Power of Continuous API Pentesting in CI/CD**: Integrating API security testing into your CI/CD pipeline ensures vulnerabilities are detected early in the development lifecycle. {% endhint %} We recommend to add Pynt into your CI/CD for continuous monitoring for API Security vulnerabilities. \ Pynt API security testing suite seamlessly integrates into existing development tools and CI/CD workflows. ๐Ÿ‘‰ [**Get started with integrating Pynt into your CI/CD**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd)**.**

Github Actions example: