Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness. UML offers an unprecedented opportunity for high-quality critical systems development that is feasible in an industrial context. The UML extension UMLsec for secure systems development helps overcoming these challenges. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As an example, UMLsec was used to uncover a flaw in the Common Electronic Purse Specification, and to propose and verify a correction. Further information can be found in the UMLsec book. With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications. UMLsec-Tool: This tool framework provides automatic verification plugins of UML models for critical requirements. In particular, it includes automated analysis of UMLsec models for the security requirements included as stereotypes. The input is a .zargo or .xmi file containing UML diagrams created with the UML tool ArgoUML. A particular focus of many of the verification plug-ins within this tool architecture is on security-critical systems