The purpose of this paper is to use the aspect-oriented programming (AOP) paradigm for security testing. AOP allows security experts to develop and inject separate modules for conducting security testing on the applications independent of their business logic. After an appropriateness analysis of the mostly used approaches for AOP, we retain the pointcut-advice model. The pointcut-advice model is significantly better than the other approaches for security testing. However, the current set of pointcuts is insufficient for the purpose of security testing and needs to be extended with new pointcuts. Keywords— AOP, Security, Testing, Pointcut, Instrumentation.