WIN-8.4.4-01 — Implement OWASP ASVS level 3
If a wallet instance is a web application, it shall implement all applicable controls of the OWASP ASVS at level 3.

| Property | Value |
|---|---|
| Section | 8.4.4 WebApp |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-HARD-01 | Error Message Sanitization |
| SID-HARD-02 | Input Validation and Injection Prevention |
| SID-HARD-05 | Browser Security Controls |
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore |
| SID-HARD-08 | Sensitive Data UI Protection |
| SID-HARD-09 | Application Resilience and Anti-Tampering |

Source: ENISA – Security Requirements for European Digital Identity Wallets v0.5