This chapter exemplifies the use of experimental techniques, borrowed from software engineering, to create validated knowledge in the security field. Systematic approaches to secure software development, specifically those that imply some sort of process aligned with the software development life cycle (SDLC), are called security methodologies. There are a number of security methodologies in the literature, of which the most flexible and most satisfactory from an industry adoption viewpoint are methodologies that encapsulate their