Extending V-model practices to support SRE to build secure web application

Technological advancements and rapid growth in the use of the Internet by the society have had a huge impact on information security. It has triggered the need for a major shift in the way web applications are developed. The high level security of these applications is crucial to their success. Therefore, information security has become a core requirement for producing trustworthy software driven by the need to guard critical assets. To develop a web application with adequate security features, it is highly recommended to capture security requirements early in the development lifecycle. In this paper, we propose a way of extending the V-Model requirements engineering phase to aid developers to engineer security requirements for a web application being developed, as well as, handling the security test planning. The aim is to support the proactive definition of security requirements by integrating security requirements engineering (SRE) activities with requirements engineering (RE) activities of the V-model.