The CERT-In empanelled Web Application Security Assessment (WASA) your digital health application needs to clear NHA’s Milestone 1 gate and go live on the ABDM production environment.
Every digital health application that integrates with ABDM must pass a Web Application Security Assessment (WASA), conducted by a CERT-In empanelled auditor, before the National Health Authority (NHA) grants Milestone 1 (M1) certification and production access. Without a passing WASA report, no application — however well-built or well-funded — can go live on the ABDM ecosystem.
As a CERT-In empanelled auditing organisation, SICHERTEN runs the full WASA on your sandbox build — covering ABHA flows, ABDM APIs, the OWASP Top 10, authentication, encryption and patient-consent journeys — and produces an NHA-formatted report, supporting you through remediation, closure and the Safe-to-Host certificate.
ABHA number creation, verification, linking and login flows.
ABDM/FHIR endpoints, access control and secure communication.
Full vulnerability assessment and penetration testing of the app.
Login, token, session and access-control hardening.
Protection of sensitive health data in transit and at rest.
Patient consent journeys and artefact handling.
Any application seeking to go live on the ABDM production environment.
ABDM production access is gated by the NHA. Beyond third-party functional testing, every integrating application must clear a CERT-In empanelled WASA — the security audit is mandatory and non-negotiable. Requirements are set by the NHA/ABDM and updated periodically, so we confirm the current scope against the live sandbox guidelines for your build.
A methodical WASA lifecycle that produces an NHA-ready result.
Mapping your M1 ABHA flows, ABDM APIs and application architecture.
Alignment with ABDM sandbox specifications and FHIR expectations.
OWASP Top 10, API, authentication, encryption, consent and business logic.
Prioritised, CVSS-scored findings mapped to ABDM expectations.
Closing critical and high findings, then revalidating the fixes.
WASA report, closure certificate and Safe-to-Host certificate for submission.
We anchor the assessment to the standards and guidelines that govern the ABDM ecosystem.
What to have in place before the WASA begins.
Explore this offering in detail.
Learn more →Explore this offering in detail.
Learn more →Explore this offering in detail.
Learn more →Back to the full pillar.
View pillar →Tell us about your digital health application and we’ll scope the WASA with you — and get you production-ready.