You see POST /api/auth/login → access token (15m) + refresh token (30d). Which security test is most relevant?
Replay the access token after expiry
Use refresh token over HTTP (no TLS) to sniff it
Attempt refresh token reuse after rotation is expected
Flood /login with invalid creds
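Added example, not part of the quiz: a hypothetical Python model of the token service behind the question, with refresh-token rotation and reuse detection, alongside the probe the third option describes: rotate once, then replay the superseded refresh token. All names (AuthServer, NonRotatingAuthServer, probe_refresh_reuse, the "correct-horse" credential) are constructed for illustration. The weak variant shows what the same probe reports when a service does not rotate, which is the finding such a test is looking for.

```python
import secrets
import time
from dataclasses import dataclass

ACCESS_TTL = 15 * 60          # 15 minutes, as in the question
REFRESH_TTL = 30 * 24 * 3600  # 30 days, as in the question


@dataclass
class RefreshRecord:
    user: str
    family: str          # every token descended from one login shares a family id
    expires_at: float
    used: bool = False   # set once this token has been exchanged for a new pair


class AuthServer:
    """Hypothetical token service: refresh-token rotation with reuse detection."""

    def __init__(self, now=time.time):
        self.now = now
        self.refresh_tokens: dict[str, RefreshRecord] = {}
        self.revoked_families: set[str] = set()

    def login(self, user: str, password: str) -> dict:
        # Constructed credential check; a real service would verify a password hash.
        if password != "correct-horse":
            raise PermissionError("invalid credentials")
        return self._issue(user, family=secrets.token_hex(8))

    def _issue(self, user: str, family: str) -> dict:
        now = self.now()
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = RefreshRecord(user, family, now + REFRESH_TTL)
        return {
            "access_token": secrets.token_urlsafe(32),  # opaque stand-in for a 15m JWT
            "access_expires_at": now + ACCESS_TTL,
            "refresh_token": refresh,
        }

    def refresh(self, token: str) -> dict:
        rec = self.refresh_tokens.get(token)
        if rec is None or rec.family in self.revoked_families or rec.expires_at < self.now():
            raise PermissionError("invalid refresh token")
        if rec.used:
            # A rotated token is being presented again: either the client or an
            # attacker holds a stolen copy. Revoke the whole family so both lose access.
            self.revoked_families.add(rec.family)
            raise PermissionError("refresh token reuse detected; family revoked")
        rec.used = True
        return self._issue(rec.user, rec.family)


class NonRotatingAuthServer(AuthServer):
    """Weak variant: a refresh token stays valid after use, so a stolen copy works for 30 days."""

    def refresh(self, token: str) -> dict:
        rec = self.refresh_tokens.get(token)
        if rec is None or rec.expires_at < self.now():
            raise PermissionError("invalid refresh token")
        return self._issue(rec.user, rec.family)


def probe_refresh_reuse(server: AuthServer) -> dict:
    """The test behind the third option: rotate once, then replay the superseded token."""
    first = server.login("alice", "correct-horse")
    second = server.refresh(first["refresh_token"])   # legitimate rotation
    result = {"old_token_rejected": False, "family_revoked": False}
    try:
        server.refresh(first["refresh_token"])        # replay of the already-rotated token
    except PermissionError:
        result["old_token_rejected"] = True
    try:
        server.refresh(second["refresh_token"])       # current token should be dead after reuse
    except PermissionError:
        result["family_revoked"] = True
    return result


if __name__ == "__main__":
    print("rotating server:    ", probe_refresh_reuse(AuthServer()))
    print("non-rotating server:", probe_refresh_reuse(NonRotatingAuthServer()))
```

Against a real target the same probe is two requests to the refresh endpoint with the first refresh token, followed by one with the second; a 200 on the replay means the 30-day token is replayable, and a 200 on the third call means reuse is not tied to family revocation.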
This question is part of this quiz: Cyber Quiz Day 36