Sometimes we need to develop security requirements for some abstract web application. Yeah, unfortunately, we don’t always know the whole feature request list in advance. Web designers prefer to work according to a waterfall model, but it may not always be possible. A technically skilled client is a rare case…