The growing sophistication of SQL Injection (SQLi) attacks and the limitations of traditional security testing methods present a pressing need for innovative approaches, particularly in GUI-level security testing. Conventional tools often overlook vulnerabilities in user-facing elements such as input fields and login pages, focusing predominantly on backend systems. Automated GUI testing offers a solution by enabling the detection of these vulnerabilities directly at the user interface level. However, many existing tools require extensive technical knowledge or security testing expertise. Our approach leverages automated GUI testing, offering a more user-friendly and effective method for identifying SQLi vulnerabilities within graphical user interfaces (GUIs), specifically in login pages. This thesis introduces a proof-of-concept plugin developed for the Scout tool, which integrates the plugin into its augmented testing framework. Scout overlays a visual layer between the system under test (SUT) and the tester, facilitating intuitive interaction with the application. The primary goal of the plugin is to automate SQLi detection at the GUI level, combining security testing with Scout’s augmented testing paradigm, hence enabling non-security-trained testers. While augmented testing is established in GUI testing, its combination with security testing—particularly SQLi—has not been extensively studied. This research aims to fill that gap by evaluating the plugin's effectiveness in streamlining SQLi detection and improving the overall security testing process. The plugin was evaluated through a quasi-experiment, where its effectiveness in identifying SQLi vulnerabilities was measured across three open-source platforms: OWASP Juice Shop, bWAPP, and AltoroJ. A total of 906 test executions, spanning 302 SQLi test cases, were conducted. Results were analyzed using descriptive statistics, including bar graphs and box plots. The findings suggest that the plugin effectively detects SQLi vulnerabilities, particularly in login pages. The perception study further revealed that non-security-expert practitioners perceived the plugin to be useful and effective but recommended enhancements to further expand the plugin's capabilities. In conclusion, this study demonstrates the potential of combining augmented testing with automated GUI security testing to detect SQLi vulnerabilities. While the plugin shows promise in improving both test effectiveness and usability, a more formal study is required to fully validate its effectiveness in real-world environments. Future work should focus on expanding the plugin's functionality, incorporating more types of SQLi, and validating the approach in real-world environments.