<![CDATA[Nowadays, privacy and security have become challenges in developing web-based applications. For example, e-commerce applications are threatened with security issues like scammers, SQL injection attacks, bots, DDOs, Server Security, and Phishing. Although various security requirement methodologies are introduced, it has been reported that security consideration is consistently ignored or treated as the lowest priority during the application development process. Hence, the application is being violated by various security attacks. This paper introduces an alternative methodology to secure a web-based application through an Agent-Oriented Modelling extension. The secure AOM starts with Context and Asset Identification. The models involved in this phase are the Goal Model and Secure Tropos model. The second phase is the Determination of Security Objective. The model that will be used is Secure Tropos. The third phase is Risk Analysis and Assessment. The model that will be used is Secure Tropos. The fourth phase is Risk Treatment. In this phase, there is no model, but we use the suggestion from Secure Tropos: to eliminate risk, transfer risk, retain risk, and reduce risk. The fifth phase is Security Requirements Definition. The models that will be used are the scenario model, interaction model, and knowledge model. The last phase is Control Selection and Implementation. The model that will be used is the Behavior Model. We conducted a reliability analysis to analyze the participants' understanding of Secure AOM. From the reliability test, we can conclude that Secure AOM can become the alternative methodology, as the percentage that agrees that Secure AOM can protect users against making errors and mistakes is 80.9%, and 71.9% agree that SAOM can help to prevent users from specifying incorrect model elements and the relation between the model. This result means that over 50% of the participants agree that Secure AOM can be an alternative methodology that supports security risk management.]]>
