As an important property of the software system, software security has drawn more and more attention. Security evaluation in the early phase of the software development is important to software quality and cost control. Current expert-based review and inspection methods can be error-prone and subjective. In this paper, we have proposed a knowledge-based security evaluation approach which can detect vulnerabilities in the UML sequence diagrams. With common knowledge as the evaluation reference, we can reduce the subjectivity in the result. We also have developed a support tool which can automatically perform most of the work in the method and improve the efficiency.