This research paper proposes the UML 2.0 based framework for round-trip engineering and use of Security Performance Flexibility model to keep high security in web applications. This model allows system administrators to skip or disable some unnecessary security checks in trusted operating systems through which, they can effectively balance their performance needs without compromising the security of the system. For example, the system admin can tell that video on demand server is allowed to skip only security checks on reading files, while the database server is allowed to skip only security checks on seeking files. Which operation is needed to be skipped and, which operation is not needed to be skipped is very much subjective in nature, this will depend upon the user’s requirement and the particular application’s requirement. The selection of these operations for a particular application is the part of software requirement elicitation process. This UML 2.0 based research work proposes Object-Oriented class-based software development, source code generation in C++ and the integration of security engineering into a model-driven software development. On this source code, Halstead software science measures, etc., can be applied. This helps developers in code restructuring; identify probable bugs or deficiencies for probable improvements and helps from the analysis phase to the maintenance phase
