OWASP Web3 Wallet Security

The purpose of this project is to improve the security of Web3 wallets by creating community-driven documentation, standards, and testing guidance. The project will provide resources for developers, auditors, and the wider OWASP community to build, test, and use wallets securely.

Road Map

Phase 1 – Setup (Within 30 Days):

•Set up the GitHub repository with documentation structure, license, and contributor guidelines.

•Publish the Web3 Wallet Security Cheat Sheet (v1.0) as the project’s first deliverable, providing immediate developer guidance and aligning with OWASP’s documentation standards.

Phase 2 – Core Development (Month 2–3):

•Finalize and release the Web3 Wallet Security Top 10 (WSTop10), which has already been structured and peer-reviewed in draft form.

•Complete the Web3 Wallet Security Verification Standard (WSVS), defining control requirements and assurance levels (L1–L3) for wallet developers and auditors.

•Invite community feedback after publication through the OWASP mailing list and GitHub discussions to capture suggestions for future revisions, ensuring transparency and continuous improvement.

Phase 3 – Expansion & Integration (Month 3–6):

•Release the Web3 Wallet Security Testing Guide (WSTG) with mapped test cases for each Top 10 risk and WSVS control.

•Begin planning for educational integration, community outreach, and official documentation alignment under the OWASP banner.

End of Year Goal:

Deliver a complete, community-reviewed OWASP documentation suite covering wallet security awareness, verification, and testing positioned for Lab-level recognition and integration into OWASP’s educational ecosystem. The project will continue to evolve through annual updates, ensuring ongoing relevance, alignment with emerging Web3 standards, and continuous community contribution.