Performing security analysis on a computer program under test (CPUT). The CPUT can be analyzed to identify data pertinent to potential security vulnerabilities of the CPUT. At least a first unit test configured to test a particular unit of program code within the CPUT can be automatically synthesized. The first unit test can be configured to initialize at least one parameter used by the particular unit of program code within the CPUT, and can be provided at least a first test payload configured to exploit at least one potential security vulnerability of the CPUT. The first unit test can be dynamically processed to communicate the first test payload to the particular unit of program code within the CPUT. Whether the first test payload exploits an actual security vulnerability of the CPUT can be determined, and a security analysis report can be output.