diff --git a/src/Application/Controller/Admin/d3user_webauthn.php b/src/Application/Controller/Admin/d3user_webauthn.php
index f5f4b25..189647e 100755
--- a/src/Application/Controller/Admin/d3user_webauthn.php
+++ b/src/Application/Controller/Admin/d3user_webauthn.php
@@ -15,6 +15,7 @@ declare(strict_types=1);
 namespace D3\Webauthn\Application\Controller\Admin;
+use Assert\Assert;
 use Assert\AssertionFailedException;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Application\Model\Credential\PublicKeyCredential;
@@ -107,12 +108,15 @@ class d3user_webauthn extends AdminDetailsController
 }
 $credential = Registry::getRequest()->getRequestEscapedParameter('credential');
- if (strlen((string) $credential)) {
- d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($credential);
- /** @var Webauthn $webauthn */
- $webauthn = d3GetOxidDIC()->get(Webauthn::class);
- $webauthn->saveAuthn($credential, Registry::getRequest()->getRequestEscapedParameter('keyname'));
- }
+ Assert::that($credential)->minLength(1, 'Credential should not be empty.');
+
+ $keyname = Registry::getRequest()->getRequestEscapedParameter('keyname');
+ Assert::that($keyname)->minLength(1, 'Key name should not be empty.');
+
+ d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($credential);
+ /** @var Webauthn $webauthn */
+ $webauthn = d3GetOxidDIC()->get(Webauthn::class);
+ $webauthn->saveAuthn($credential, $keyname);
 } catch (WebauthnException $e) {
 d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getDetailedErrorMessage(), ['UserId' => $this->getEditObjectId()]);
 d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());
diff --git a/src/Application/Controller/Admin/d3webauthnadminlogin.php b/src/Application/Controller/Admin/d3webauthnadminlogin.php
index 5686d84..e7359ec 100755
--- a/src/Application/Controller/Admin/d3webauthnadminlogin.php
+++ b/src/Application/Controller/Admin/d3webauthnadminlogin.php
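Review bot: `Assert::that($credential)->minLength(1, …)` and the new `$keyname` assert throw `Assert\InvalidArgumentException`, which the only visible handler, `catch (WebauthnException $e)`, does not catch; a request without a credential used to be a silent no-op and would now leave the try block unless a `catch (AssertionFailedException $e)` follows further down. The enclosing method starts and ends outside this hunk, so that later catch may well exist, but it should be confirmed and, if missing, added in both this controller and the same save path in d3_account_webauthn.php, which has the identical guard-to-assert change. Separately, the unchanged `->debug($credential)` still writes the full, not-yet-verified attestation payload to the log before `saveAuthn()` validates it; if that logger is active outside development, consider recording only its length or a digest.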
@@ -125,9 +125,9 @@ class d3webauthnadminlogin extends AdminController
 {
 try {
 $login = $this->getWebAuthnLogin();
- return $login->adminLogin(
- d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('profile')
- );
+ $profile = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('profile');
+ Assert::that($profile)->string();
+ return $login->adminLogin($profile);
 } catch (WebauthnGetException|AssertionFailedException $e) {
 d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);
 return 'login';
diff --git a/src/Application/Controller/d3_account_webauthn.php b/src/Application/Controller/d3_account_webauthn.php
index af4d5f9..cd5a13c 100755
--- a/src/Application/Controller/d3_account_webauthn.php
+++ b/src/Application/Controller/d3_account_webauthn.php
@@ -15,6 +15,7 @@ declare(strict_types=1);
 namespace D3\Webauthn\Application\Controller;
+use Assert\Assert;
 use Assert\AssertionFailedException;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Application\Controller\Traits\accountTrait;
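Review bot: `Assert::that($profile)->string();` is the only assert in this commit called without a message, so when `profile` is absent the exception caught three lines later carries the library's default wording (something like "Value … expected to be string, type NULL given", if I recall it correctly) and `addErrorToDisplay($e)` renders that on the admin login page. The other hunks pass a purpose-specific text; do the same here, e.g. `Assert::that($profile)->string('Profile parameter is missing or invalid.');`, or a translation key if the view layer resolves them. That keeps library-internal phrasing off an unauthenticated endpoint and gives the operator an actionable message.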
@@ -137,11 +138,10 @@ class d3_account_webauthn extends AccountController
 }
 $credential = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('credential');
- if (strlen((string) $credential)) {
- d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($credential);
- $webauthn = d3GetOxidDIC()->get(Webauthn::class);
- $webauthn->saveAuthn($credential, d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('keyname'));
- }
+ Assert::that($credential)->minLength(1, 'Credential should not be empty.');
+ d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($credential);
+ $webauthn = d3GetOxidDIC()->get(Webauthn::class);
+ $webauthn->saveAuthn($credential, d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('keyname'));
 } catch (WebauthnException $e) {
 d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error(
 $e->getDetailedErrorMessage(),
diff --git a/src/Application/Model/Credential/PublicKeyCredential.php b/src/Application/Model/Credential/PublicKeyCredential.php
index 377e34f..15b2196 100755
--- a/src/Application/Model/Credential/PublicKeyCredential.php
+++ b/src/Application/Model/Credential/PublicKeyCredential.php
@@ -17,6 +17,7 @@ namespace D3\Webauthn\Application\Model\Credential;
 use Assert\Assert;
 use Assert\AssertionFailedException;
+use Assert\InvalidArgumentException;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Setup\Actions;
 use DateTime;
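Review bot: The admin save path in d3user_webauthn.php now asserts that `keyname` is non-empty before `saveAuthn()`, but this frontend path still hands the raw `getRequestEscapedParameter('keyname')` result (possibly null) straight to `saveAuthn()`, so the two registration endpoints validate the same input differently. Mirror the admin version: `$keyname = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('keyname');`, `Assert::that($keyname)->minLength(1, 'Key name should not be empty.');`, `$webauthn->saveAuthn($credential, $keyname);`. The enclosing method and any further catch blocks lie outside the hunk.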
@@ -85,11 +86,16 @@ class PublicKeyCredential extends BaseModel
 }
 /**
- * @return null|string
+ * @return string
+ * @throws InvalidArgumentException
 */
 public function getCredentialId(): ?string
 {
- return base64_decode($this->__get($this->_getFieldLongName('credentialid'))->rawValue) ?: null;
+ $encodedCID = $this->__get($this->_getFieldLongName('credentialid'))->rawValue;
+
+ Assert::that($encodedCID)->base64('Credential ID "%s" is not a valid base64 string.');
+
+ return base64_decode($encodedCID);
 }
 /**
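Review bot: The docblock now promises `@return string`, but the signature two lines below still declares `?string`; since the body can no longer return null, `public function getCredentialId(): string` is the consistent choice (check for overriding subclasses first), or keep the docblock honest about the nullable. Note too that an empty stored `credentialid` passes `->base64(...)` — `base64_decode('', true)` yields `''`, not `false` — so the method now returns `''` where it previously returned `null`, and any caller testing against `null` silently changes behaviour; if a missing ID must be rejected, add `->notEmpty()` before `->base64(...)`. Having validated with strict decoding, the final call should match it: `return base64_decode($encodedCID, true);`.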