New CS proposal: [3rd Party Payment Gateway integration] #1774

@mrojz

What is the proposed Cheat Sheet about?

Guidance for securely integrating third-party payment gateways, focusing on workflow risks and practical mitigation steps.

What security issues are commonly encountered related to this area?

Order tampering, payment spoofing, unauthenticated callbacks, race conditions, replay attacks, and missing validation/logging.

What is the objective of the Cheat Sheet?

Enable fast, secure merchant integration by giving easy-to-follow technical checks for payment flows.

What other resources exist in this area?

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/10-Test-Payment-Functionality

This Cheat Sheet is designed to guide developers to securely integrate 3rd party payment gateways.

Labels

ACK_WAITING: Issue waiting acknowledgement from core team before to start the work to fix it.
HELP_WANTED: Issue for which help is wanted to do the job.
NEW_CS: Issue about the creation of a new cheat sheet.
