Abstract
Because of software requirements play a critical role in software development projects, measuring the nonfunctional requirements as well as functional requirements is therefore not to be trifled with. Software security as a nonfunctional requirement is one of the most important quality characteristic that is recently added in the ISO 25010 quality models (previously defined as sub characteristics in ISO 9126). This characteristic must be evaluated cautiously and precisely during all the software life-cycle and especially early in the design phase. The purpose of this paper is early evaluating security in web application. To achieve this purpose, we propose to measure the quality attributes of authenticity through a combination of functional and structural size of the authenticity sequence diagram at the design phase. This combination of measurement can be used to identify the risk of violation of authenticity in web application design. An example of GeoNetwork web application is used to illustrate our proposed measurement for evaluating security as defined by ISO/IEC 25010.