# Security Testing

Security Testing in KushoAI enables you to detect vulnerabilities and weaknesses in your APIs and applications proactively. By simulating real-world attack scenarios, KushoAI helps ensure that your system is resilient against common threats like SQL injection, XSS, and insecure authentication flows.

This way, you can strengthen your security posture and ship with confidence, knowing your product is safeguarded before it reaches production.

Here is how it works:

1. After testing an API, click on the test suite. You will see a "Security" button in the middle top.

2. After clicking on the security button, you will be greeted by a page showing that KushoAI will generate security tests for you automatically. These tests cover scenarios like authorization and authentication checks, CORS issues, OWASP top 10 vulnerabilities and common attacks, including SQL injection. Click on the "Generate Security tests".

3. After the generations are done, you can perform operations on them just like you would for regular functional API tests.