Prove the Importance of MOSRE Framework to Elicit Security Requirements at Early Stages of SDLC to Minimize Vulnerabilities at Later Phases in Developing Web Applications

Abstract: To develop security critical web applications, specifying security requirements is important, since 75% to 80% of all attacks happen at the web application layer. I adopted security requirements engineering methods to identify security requirements at the early stages of software development life cycle to minimize vulnerabilities at the later phases. In this paper, I present the evaluation of Model Oriented Security Requirements Engineering (MOSRE) framework and Security Requirements Engineering Framework (SREF) by implementing the identified security requirements of a web application through each framework while developing respective web application. I also developed a web application without using any of the security requirements engineering method in order to prove the importance of security requirements engineering phase in software development life cycle. This study led the requirements engineers to use MOSRE framework to elicit security requirements efficiently and trace security requirements from requirements engineering phase to later phases of software development life cycle for developing secure web applications. Keywords: Requirements engineering, security mechanism, security requirements, security requirements engineering, web applications and vulnerabilities.