With recognition of the importance of web application security, there is a need for study on a conceptual Kaizen framework as a guide to initiate a series of Kaizen events for self-assessment of web application security vulnerabilities. Moreover, there is a need for study on a more effective attack potential measurement method to support the Kaizen event for stepwise measurement and incremental improvement of web application security vulnerabilities. As a result, a conceptual Kaizen framework to guide the Kaizen event was developed and a new attack potential measurement method was proposed in this study. A numerical example was given to demonstrate that the new attack potential measurement method is more suitable than the traditional attack potential measurement method to support the Kaizen event for measuring small but encouraging improvement of web application security vulnerabilities. Finally, conclusions are made and suggestions for future work are proposed.