Abstract: "Security code reviews often fail because of preventable bugs, such as a printStackTrace call left in production code. Failing to notice these early in the development lifecycle increases the time, effort and cost of fixing them. Static analysis can identify such issues within the IDE, showing developers where vulnerabilities may occur in their code. FindBugs and CodePro Tools are two popular Eclipse plugins that perform static analysis, but they ship with few security rules and have to be launched manually against the code. I've been developing a plugin for Eclipse which provides real-time static analysis based on a set of security rules. It works in the background, silently analysing the code developers are working on at the time, until it finds a potential issue, which it then marks for the developer to examine. This presentation will give a brief overview of static analysis methods, how these are used within the plugin and other tools to identify potential vulnerabilities, and how using this tool can help developers write more secure code. A quick demonstration of the plugin will be shown."
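To make the kind of security rule the abstract describes concrete, here is an added example of a minimal rule-based analyser for Java source. It is not the plugin's own code and assumes nothing about its API; the rule ids, the sample class and the exact patterns are constructed for illustration. It blanks out comments and string literals before matching, so that `printStackTrace()` mentioned in a comment or inside a string does not produce a false positive, which is the check a practitioner would expect before a rule is allowed to mark code in the editor.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple, Pattern


@dataclass(frozen=True)
class Finding:
    rule: str   # rule id (constructed for this example)
    line: int   # 1-based line number in the analysed source
    text: str   # the offending source line, stripped


# Constructed security rules: (id, pattern matched against code with comments
# and strings removed, message). Not the plugin's rule set.
RULES: List[Tuple[str, Pattern, str]] = [
    ("LEAKED_STACK_TRACE",
     re.compile(r"\.printStackTrace\s*\("),
     "Stack trace written to stderr; route it through the application logger"),
    ("SYSTEM_OUT_LOGGING",
     re.compile(r"System\.(out|err)\.print"),
     "Ad-hoc console output; use a logger with a configurable level"),
]


def _strip_noise(source: str) -> List[str]:
    """Return the source lines with string literals, // comments and /* */
    comments blanked out, tracking block comments across lines."""
    cleaned = []
    in_block = False
    for line in source.splitlines():
        buf = []
        i = 0
        while i < len(line):
            if in_block:
                end = line.find("*/", i)
                if end == -1:
                    i = len(line)          # whole rest of line is comment
                else:
                    in_block = False
                    i = end + 2
                continue
            if line.startswith("//", i):
                break                      # rest of line is a comment
            if line.startswith("/*", i):
                in_block = True
                i += 2
                continue
            if line[i] == '"':
                j = i + 1                  # skip the literal, honouring \" escapes
                while j < len(line) and line[j] != '"':
                    if line[j] == "\\":
                        j += 1
                    j += 1
                i = j + 1
                continue
            buf.append(line[i])
            i += 1
        cleaned.append("".join(buf))
    return cleaned


def analyse(source: str) -> List[Finding]:
    """Run every rule over every cleaned line and collect findings in file order."""
    original = source.splitlines()
    findings = []
    for lineno, code in enumerate(_strip_noise(source), start=1):
        for rule_id, pattern, _message in RULES:
            if pattern.search(code):
                findings.append(Finding(rule_id, lineno, original[lineno - 1].strip()))
    return findings


# Constructed sample: lines 7 and 8 should fire, lines 2 and 9 should not.
SAMPLE_JAVA = """\
public class PaymentService {
    /* Comment mentioning e.printStackTrace() must not fire. */
    public void charge(Card card) {
        try {
            gateway.charge(card);
        } catch (GatewayException e) {
            e.printStackTrace();
            System.out.println("charge failed: " + e.getMessage());
            log.warn("user typed e.printStackTrace() literally");
        }
    }
}
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_JAVA):
        print(f"line {f.line}: [{f.rule}] {f.text}")
```

In the IDE setting the abstract describes, `analyse` would be invoked on each save or keystroke and each `Finding` turned into an editor marker; the part that matters for trust in the tool is the noise stripping, since a rule that fires on comments and strings is quickly disabled by developers.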