From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities

📅 2026-01-31
📈 Citations: 0
Influential: 0
🤖 AI Summary
Developers often inadvertently introduce vulnerabilities due to insufficient security knowledge and code complexity, while traditional tools only detect issues post hoc, incurring high remediation costs. This work proposes a proactive prevention approach that identifies methods implementing security-critical functionalities—such as authentication and input handling—using code-level security-aware metrics. These metrics are integrated with a large language model (LLM) to generate actionable, preventive explanations, which are embedded directly into the development workflow to enhance secure coding practices. A prototype plugin implemented in IntelliJ IDEA was evaluated on the Spring-PetClinic application, demonstrating that the selected metrics effectively pinpoint known security-critical methods and that the LLM-generated explanations are both practical and prevention-oriented.

📝 Abstract
Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced in code, leading to costly remediation. This work explores a proactive strategy to prevent vulnerabilities by highlighting code regions that implement security-critical functionality -- such as data access, authentication, and input handling -- and providing guidance for their secure implementation. We present an IntelliJ IDEA plugin prototype that uses code-level software metrics to identify potentially security-critical methods and large language models (LLMs) to generate prevention-oriented explanations. Our initial evaluation on the Spring-PetClinic application shows that the selected metrics identify most known security-critical methods, while an LLM provides actionable, prevention-focused insights. Although these metrics capture structural properties rather than semantic aspects of security, this work lays the foundation for code-level security-aware metrics and enhanced explanations.
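The abstract describes a two-stage pipeline: score each method with code-level metrics, then hand the flagged methods to an LLM for a prevention-oriented explanation. The following is an added illustration of that pipeline and is not code from the paper's IntelliJ plugin. The metric set (web entry-point annotations, request-bound parameters, call count, string literals), the weights, the threshold of 10 and the sample Java controller are all assumptions constructed for this page; the Java snippet is modelled on a Spring MVC controller but is not Spring-PetClinic source. The last function only builds the prompt an LLM would receive; no model is called.

```python
"""Metric-based flagging of potentially security-critical Java methods.

Added illustration, not the paper's plugin. Metric set, weights, threshold and
the sample source are assumptions; the Java below is constructed and is not
Spring-PetClinic code.
"""
import re
from dataclasses import dataclass

# Constructed sample in the style of a Spring MVC controller (assumption, not PetClinic).
SAMPLE_JAVA = """
public class OwnerController {

    @GetMapping("/owners/{ownerId}")
    public String showOwner(@PathVariable int ownerId, Model model) {
        Owner owner = owners.findById(ownerId);
        model.addAttribute(owner);
        return "owners/ownerDetails";
    }

    @PostMapping("/owners/new")
    public String processCreationForm(@Valid Owner owner, BindingResult result, HttpServletRequest request) {
        String note = request.getParameter("note");
        owner.setNote(note);
        owners.save(owner);
        return "redirect:/owners/" + owner.getId();
    }

    private String formatName(Owner owner) {
        return owner.getFirstName() + " " + owner.getLastName();
    }
}
"""

# Assumed list of annotations that make a method a web entry point.
WEB_ENTRY = {"GetMapping", "PostMapping", "PutMapping", "DeleteMapping", "RequestMapping"}
# Assumed markers for parameters bound to request-controlled data.
INPUT_PARAM = re.compile(r"@(PathVariable|RequestParam|RequestBody|ModelAttribute|Valid)\b|HttpServletRequest")

METHOD_HEADER = re.compile(
    r"((?:@\w+(?:\([^)]*\))?\s*)*)"   # leading annotations (group 1)
    r"(?:public|protected|private)\s+"
    r"[\w<>\[\]]+\s+"                  # return type; generics with commas are not handled
    r"(\w+)\s*\(([^)]*)\)\s*\{"        # name (group 2), params (group 3), opening brace
)
CALL = re.compile(r"\.\w+\s*\(")                  # any `.name(` in the body counts as a call
STRING_LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"')  # Java string literals in the body


@dataclass
class MethodMetrics:
    name: str
    entry_point: int      # 1 if annotated as a web entry point
    params: int           # total parameter count
    input_params: int     # parameters matching INPUT_PARAM
    calls: int            # method invocations in the body
    string_literals: int  # string literals in the body

    @property
    def score(self) -> int:
        # Assumed weights: entry points and request-bound parameters dominate.
        return 6 * self.entry_point + 4 * self.input_params + 2 * self.calls + self.string_literals


def _body(src: str, open_brace: int) -> str:
    """Return the text between the brace at open_brace and its matching close brace."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_brace + 1:i]
    raise ValueError("unbalanced braces")


def extract_methods(src: str) -> list[MethodMetrics]:
    """Compute the structural metrics for every method header found in src."""
    out = []
    for m in METHOD_HEADER.finditer(src):
        annotations = set(re.findall(r"@(\w+)", m.group(1)))
        params = [p.strip() for p in m.group(3).split(",") if p.strip()]
        body = _body(src, m.end() - 1)  # m.end() - 1 is the index of the `{`
        out.append(MethodMetrics(
            name=m.group(2),
            entry_point=int(bool(annotations & WEB_ENTRY)),
            params=len(params),
            input_params=sum(1 for p in params if INPUT_PARAM.search(p)),
            calls=len(CALL.findall(body)),
            string_literals=len(STRING_LITERAL.findall(body)),
        ))
    return out


def flag_security_critical(src: str, threshold: int = 10) -> list[MethodMetrics]:
    """Rank methods by score, highest first, and keep those at or above the assumed threshold."""
    ranked = sorted(extract_methods(src), key=lambda m: m.score, reverse=True)
    return [m for m in ranked if m.score >= threshold]


def build_explanation_prompt(m: MethodMetrics) -> str:
    """Prompt for a prevention-oriented explanation; the wording is an assumption."""
    return (
        f"The Java method `{m.name}` was flagged as potentially security-critical "
        f"(web entry point: {bool(m.entry_point)}, request-bound parameters: {m.input_params}, "
        f"calls: {m.calls}, string literals: {m.string_literals}). Before the developer edits it, "
        "explain which security properties it must uphold (input validation, authorization, "
        "safe data access) and what to verify. Do not claim a vulnerability exists."
    )


if __name__ == "__main__":
    for method in flag_security_critical(SAMPLE_JAVA):
        print(f"{method.name}: score={method.score}")
        print(build_explanation_prompt(method))
```

Running the script flags `processCreationForm` and `showOwner` and leaves the private helper `formatName` below the threshold. The limitation the abstract states shows up directly: the scores come from signature and body shape, so a method that validates input carefully scores the same as one that does not; the metrics pick where to explain, not whether the code is wrong.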
Problem

Research questions and friction points this paper is trying to address.

security vulnerabilities
secure implementation
code complexity
vulnerability prevention
security-critical code
Innovation

Methods, ideas, or system contributions that make the work stand out.

security-critical code
vulnerability prevention
code-level metrics
large language models
developer guidance
Ranjith Krishnamurthy
Paderborn University & Fraunhofer IEM
Oshando Johnson
Fraunhofer IEM
Goran Piskachev
Amazon Web Services
Eric Bodden
Professor for Software Engineering at Heinz Nixdorf Institute, Paderborn University & Fraunhofer IEM
Static Analysis, Secure Software Engineering, Software Security, Program Analysis, Programming Languages