Table of Contents

• Title and Copyright Information
• 1 Preface
  • 1.1 Purpose
  • 1.2 Audience
  • 1.3 Documentation Accessibility
  • 1.4 Critical Patches
  • 1.5 Diversity and Inclusion
  • 1.6 Conventions
  • 1.7 Related Resources
  • 1.8 Screenshot Disclaimer
  • 1.9 Acronyms and Abbreviations
  • 1.10 Basic Actions
  • 1.11 Symbols, Definitions and Abbreviations
• 2 About this Manual
  • 2.1 Introduction
  • 2.2 Scope
    • 2.2.1 Read Sections Completely
    • 2.2.2 Understand the Purpose of this Guidance
    • 2.2.3 Limitations
• 3 How to Address the OWASP Top10 in Oracle Banking Payments
  • 3.1 Injection
  • 3.2 Broken Authentication and Session Management
  • 3.3 Cross-Site Scripting (XSS)
  • 3.4 Insecure Direct Object References
  • 3.5 Security Misconfiguration
  • 3.6 Sensitive Data Exposure
  • 3.7 Missing Function Level Access Control
  • 3.8 Cross-Site Request Forgery (CSRF)
  • 3.9 Using Components with Known Vulnerabilities
  • 3.10 Unvalidated Redirects and Forwards Network Security
• 4 Securing Gateway Services
  • 4.1 Inbound Application Integration
  • 4.2 EJB Based Synchronous Deployment Pattern
  • 4.3 Web Services Based Synchronous Deployment Pattern
  • 4.4 HTTP Servlet Based Synchronous Deployment Pattern
  • 4.5 MDB Based Asynchronous Deployment Pattern
  • 4.6 Outbound Application Integration
  • 4.7 Accessing Service and Operation
  • 4.8 Gateway Password Generation Logic for External System Authentication
  • 4.9 XSD Validation and Input Validation
  • 4.10 List of Services
  • 4.11 List of Interfaces