We present two algorithms for automatic remediation of security vulnerabilities in web applications. One correctly places sanitizers in the code, and the other replaces Statement by PreparedStatement. The demonstration will show how vulnerabilities flagged by a commercial security scanner are automatically fixed by an Eclipse plugin.