Although it might look like being outdated (its home page is announcing support for PHP4), Pixy is doing an outstanding job when looking for Cross-Site Scripting vulnerabilities and SQL or code injections.

It may be integrated with both IDEA and Eclipse development environments. Please, refer to the README file at Pixy's github page.