Abstract: We present a static vulnerability analyzer with on-the-fly and visualization features and an empirical experiment to demonstrate its usefulness. The analyzer can find security vulnerabilities or weaknesses in program source code under development in an on-the-fly style. Also, the analyzer shows program properties related to the vulnerabilities in visualized forms which can be very helpful for testers to identify false-positives and remediate the vulnerabilities. We conducted an empirical experiment where eleven testers inspect 150 sample programs. The experiment result shows the usefulness of the on-the-fly analysis and visualization compared with manual inspection and server-based vulnerability analyzer.