This chapter explores using service-oriented computing to reengineer non-secure legacy software applications to create new secure target applications. Two objectives of this chapter are: (1) to analyze the architectural changes required in order to adopt new web technologies and cope with resultant vulnerabilities in source code; and (2) to measure the level of effort required to modernize software by adopting new web technologies and adding security countermeasures. To meet these objectives, a model-driven Scrum for Service-Oriented Software Reengineering (mScrum4SOSR) methodology was chosen and applied to a reengineering project. Scrum is employed to manage the reengineering project, as well as to measure implementation effort related to the modernization process. Further, a re-documentation technique called 5W1H Re-Doc is used to re-document the non-secure software application at a high level of abstraction in order to help project participants comprehend what is needed to identify candidate services for service-oriented reengineering. Case studies with and without security features are created for different types of applications - a desktop graphical user interface, a web application, a web services application, a restful web services application, and an enterprise service bus application.