Toward Secure Web to ERP Payment Flows: A Case Study of HTTP Header Trust Failures in SAP Based Systems
[Submitted on 15 Mar 2026]
Vick Dini
Electronic banking portals often sit in front of enterprise resource planning (ERP) systems such as SAP, mediating payment requests between users and back end financial infrastructure. When these integrations place excessive trust in client supplied HTTP metadata, subtle design flaws can arise that undermine payment integrity. This article presents a retrospective, anonymized case study of an SAP based payment flow in which weaknesses in HTTP level validation allowed the front end application to incorrectly treat unpaid transactions as completed. Rather than provide a reproducible exploit, we abstract the scenario into a general vulnerability pattern, analyze contributing architectural decisions, and propose concrete design and verification practices for secure web to ERP payment processing. The discussion emphasizes formalizing payment state machines, strengthening trust boundaries, and incorporating regular security review into integration projects.
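The vulnerability pattern the abstract describes (a front end that derives "paid" from client-supplied HTTP metadata) and the two countermeasures it proposes (an explicit payment state machine and a trust boundary that accepts state changes only from the back end) can be made concrete in code. The following is an added example, not code from the paper or from any SAP product: the header name `X-Payment-Status`, the HMAC-signed confirmation message, the in-memory `ErpStub`, and the order identifiers are all assumptions constructed for illustration.

```python
"""Added example: client-trusting payment check beside a hardened version.

Assumptions (not from the paper): the header name X-Payment-Status, an HMAC
over "order_id:status" as the ERP's server-to-server confirmation, and an
in-memory ERP stub standing in for the authoritative financial record.
"""
import hashlib
import hmac
from enum import Enum


class PaymentState(Enum):
    CREATED = "created"
    PENDING = "pending"
    PAID = "paid"
    FAILED = "failed"


# Explicit state machine: every transition not listed here is illegal.
TRANSITIONS = {
    PaymentState.CREATED: {PaymentState.PENDING, PaymentState.FAILED},
    PaymentState.PENDING: {PaymentState.PAID, PaymentState.FAILED},
    PaymentState.PAID: set(),      # terminal
    PaymentState.FAILED: set(),    # terminal
}


def is_legal_transition(current, new):
    return new in TRANSITIONS[current]


def vulnerable_is_paid(request_headers):
    """The flawed pattern: payment completion read from a client-controlled header."""
    return request_headers.get("X-Payment-Status", "").lower() == "completed"


class ErpStub:
    """Constructed stand-in for the ERP's authoritative settlement record."""

    def __init__(self, key):
        self.key = key
        self.settled = set()

    def settle(self, order_id):
        self.settled.add(order_id)

    def confirmation(self, order_id):
        """Signed status message the ERP would deliver over a server-side channel."""
        status = "paid" if order_id in self.settled else "unpaid"
        msg = f"{order_id}:{status}".encode()
        return msg, hmac.new(self.key, msg, hashlib.sha256).hexdigest()


class Order:
    def __init__(self, order_id):
        self.order_id = order_id
        self.state = PaymentState.CREATED

    def transition(self, new_state):
        if not is_legal_transition(self.state, new_state):
            raise ValueError(f"illegal transition {self.state.value} -> {new_state.value}")
        self.state = new_state


def hardened_apply_confirmation(order, msg, mac, key):
    """Advance to PAID only on an authenticated ERP confirmation for this order."""
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False                       # forged or tampered confirmation
    order_id, _, status = msg.decode().partition(":")
    if order_id != order.order_id:
        return False                       # confirmation for a different order
    if status != "paid":
        return False                       # genuine, but the ERP has not settled
    order.transition(PaymentState.PAID)    # state machine enforces PENDING -> PAID
    return True


def demo():
    key = b"constructed-shared-secret"     # assumption: secret shared by portal and ERP
    erp = ErpStub(key)
    order = Order("INV-1001")
    order.transition(PaymentState.PENDING)  # portal handed the request to the ERP
    results = {}
    # 1. Attacker forges a "paid" confirmation without the key.
    forged = b"INV-1001:paid"
    forged_mac = hmac.new(b"wrong-key", forged, hashlib.sha256).hexdigest()
    results["forged_accepted"] = hardened_apply_confirmation(order, forged, forged_mac, key)
    # 2. Genuine confirmation, but the ERP has not settled this order.
    msg, mac = erp.confirmation("INV-1001")
    results["unpaid_accepted"] = hardened_apply_confirmation(order, msg, mac, key)
    # 3. Genuine, settled confirmation for a different order replayed against this one.
    erp.settle("INV-2002")
    msg, mac = erp.confirmation("INV-2002")
    results["wrong_order_accepted"] = hardened_apply_confirmation(order, msg, mac, key)
    # 4. ERP settles this order; the genuine confirmation advances the state.
    erp.settle("INV-1001")
    msg, mac = erp.confirmation("INV-1001")
    results["genuine_accepted"] = hardened_apply_confirmation(order, msg, mac, key)
    results["final_state"] = order.state.value
    return results


if __name__ == "__main__":
    print("client header alone:", vulnerable_is_paid({"X-Payment-Status": "completed"}))
    print(demo())
```

The contrast is the point: `vulnerable_is_paid` returns True for any client that sets the header, while `hardened_apply_confirmation` changes state only for a confirmation that is authenticated, bound to this order, and reports settlement, and even then only along a transition the state machine permits (a CREATED order cannot jump straight to PAID). In a real integration the shared-secret HMAC would be replaced by whatever authenticated server-to-server channel the ERP offers; the structure of the check is what the abstract's "trust boundary" recommendation requires.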
Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE)
Cite as: arXiv:2603.14365 [cs.CR]
(or arXiv:2603.14365v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2603.14365
Submission history
From: Vick Dini [view email]
[v1] Sun, 15 Mar 2026 13:02:52 UTC (195 KB)