# Pynt at a Glance
{% hint style="success" %}
**At a Glance**: 🚀 Pynt automates API security testing with real-world attack simulations, contextual analysis for accurate vulnerability detection, discovers undocumented APIs, and integrates seamlessly into your CI/CD pipeline for continuous protection.
{% endhint %}
Pynt is a cutting-edge API security platform that automates vulnerability detection using **context-aware attack simulations**. Its **contextual analysis** makes it more precise by understanding how APIs function within specific environments, leading to fewer false positives and more relevant findings.
## Key Features
* **Shift-Left Security**: 🕒 Introduces security early in the development lifecycle, enabling developers to detect vulnerabilities before production.
* **Contextual Analysis for Attack Simulation**: 🔍 Pynt analyzes the context of your API traffic, understanding the unique behavior of your APIs. This results in more accurate attack simulations tailored to your specific environment.
* **Business Logic Security**: 🔒 Pynt identifies vulnerabilities related to business logic that conventional tools often miss.
* **Continuous Monitoring**: 🔄 Integrates with CI/CD pipelines for ongoing, automated API security checks.
* **Comprehensive API Discovery**: 📚 Automatically discovers shadow and undocumented APIs through the **API catalog** feature, ensuring no API endpoint is left unmonitored.
***
## Pynt's Major Components
Pynt consists of two main components:
1. **Pynt Security Tests**: These are deployed via a container and can be run locally or in the CI/CD pipeline. This is part of Pynt's [free Starter Plan](https://www.pynt.io/pricing) and is accessible via [www.pynt.io](https://www.pynt.io). Designed for running automated security scans.
2. **Pynt SaaS**: A centralized platform that allows security owners to manage all APIs and scans in one place. Available with the [Business Plan](https://www.pynt.io/pricing), this component is accessible via [app.pynt.io](https://app.pynt.io).
***
### Who Should Use It?
{% hint style="info" %}
💡 **Pynt Security Tests**: Ideal for **security owners but also developers**, **testers**, **DevSecOps** teams who need to run automated API security scans, either locally leveraging Pynt from their existing tools or within CI/CD pipelines.
{% endhint %}
{% hint style="info" %}
💡 **Pynt SaaS**: Designed for **security owners** who want a unified view of all APIs, scan results, and the ability to manage and monitor the security testing process across their organization.
{% endhint %}
***
## How Pynt Security Testing Works
Pynt captures and analyzes your API traffic to simulate **real-world attacks**. Using its **contextual analysis**, Pynt verifies the success of attacks, ensuring highly accurate results with minimal false positives. This tailored approach helps to catch real vulnerabilities while avoiding unnecessary alerts.
#### Coverage Includes:
* **OWASP API Security Top 10**: Targeting critical risks in APIs like broken object-level authorization and excessive data exposure. [Learn more](https://owasp.org/www-project-api-security/)
* **OWASP Top 10 for Web Applications**: Identifying common web vulnerabilities, including injection and broken authentication. [Learn more](https://owasp.org/www-project-top-ten/)
* **OWASP Top 10 for LLMs**: Addressing new risks posed by large language models interacting with APIs. [Learn more](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
{% hint style="info" %}
By automating both security testing and API discovery with contextual analysis, Pynt provides comprehensive coverage, ensuring that your APIs meet industry-standard security benchmarks.
{% endhint %}
👉 [**Get started with integrating Pynt into your CI/CD**](https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd)**.**
