Nowadays, more than 70% of the reported security vulnerabilities are caused by flaws in applications. Especially for J2EE applications security is one of the most important quality aspects, as J2EE is typically used for public websites and back office processing. However, in most J2EE projects, the implementation of security is postponed until the end of the project.