Security measurement based on GQM to improve application security during requirements stage

Bibliographic details
Published in: International journal of cyber-security and digital forensics 2012-07, Vol.1 (3), p.211
Main authors: Abdulrazeg, Ala A; Norwawi, Norita Md; Basir, Nurlida
Format: Article
Language: eng
Online access: Full text
Description
Summary: Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into early stages of development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the latter stages of the development life cycle and into the final version of product. In this paper, we present a security metrics model based on the Goal Question Metric (GQM) approach, focusing on the design of the misuse case model. Misuse case is a technique to identify threats and integrate security requirements during the requirement analysis stage. The security metrics model helps in discovering and evaluating the misuse case models by ensuring a defect-free model. Here, the security metrics are based on the OWASP top 10-2010, in addition to misuse case modeling antipattern.

Keywords: Measurement; Security Metrics; Misuse cases; Security Requirements; Software Security.
ISSN:2305-0012