Appendix
OWASP Top 10
Lists the most critical web application security risks: broken access control, cryptographic failures, injection, insecure design, security misconfiguration, vulnerable components, authentication failures, integrity issues, logging and monitoring gaps, and server-side request forgery (SSRF).
OIDC, OAuth2 & JWT
OpenID Connect (OIDC) adds an identity layer on top of OAuth2’s authorization flows, providing user information via ID Tokens. OAuth2 issues access tokens for delegated API access. JSON Web Token (JWT) is the compact, signed token format used to carry claims.
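
The compact format and the checks a client applies to an ID Token, as an added example (not code from the original page). It assumes HS256 with a shared secret so it runs on the standard library alone; the key, issuer, client ID and clock value are constructed sample values, and `sign_hs256`, `verify_id_token` and `outcome` are hypothetical helper names.

```python
import base64, hashlib, hmac, json

# Constructed sample values (assumptions, not from the page).
KEY, ISSUER, CLIENT_ID, NOW = b"constructed-demo-secret", "https://idp.example", "demo-client", 1_700_000_000

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(claims: dict, key: bytes) -> str:
    """Compact JWT: base64url(header).base64url(payload).base64url(signature)."""
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_id_token(token: str, key: bytes, issuer: str, client_id: str, now: int) -> dict:
    """Return the claims of a valid ID Token for this client, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        sig, alg = b64url_decode(s64), header.get("alg")
        iss, aud, exp = claims.get("iss"), claims.get("aud"), claims.get("exp")
    except Exception as exc:  # wrong part count, bad base64/JSON, non-object parts
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never let the token header choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if iss != issuer:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")  # e.g. a token minted for an API, not this client
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired")
    return claims

def outcome(token: str) -> str:
    try:
        return f"ok:{verify_id_token(token, KEY, ISSUER, CLIENT_ID, NOW).get('sub')}"
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    print(outcome(sign_hs256({"iss": ISSUER, "aud": CLIENT_ID, "sub": "alice", "exp": NOW + 300}, KEY)))
```

The audience check is what keeps a token issued for delegated API access from being accepted as proof of identity by the client.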