ASVS Requirement 12.3.5
- Level: 3
- Chapter: V12 Secure Communication
- Section: V12.3 General Service to Service Communication Security
- Source: 0x21-V12-Secure-Communication.md
Description
Verify that services communicating internally within a system (intra-service communications) use strong authentication to ensure that each endpoint is verified. Strong authentication methods, such as TLS client authentication, must be employed to ensure identity, using public-key infrastructure and mechanisms that are resistant to replay attacks. For microservice architectures, consider using a service mesh to simplify certificate management and enhance security.
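One way to check the TLS client authentication this requirement describes, as an added example that is not part of the ASVS text: a Python `ssl` listener context that requires a client certificate, an audit of a context for the weaker settings, and a per-caller identity check. The function names, file path parameters and the `spiffe://example.internal/billing` identity are assumptions made for illustration.

```python
import ssl

def build_mtls_server_context(cert_file, key_file, internal_ca_file):
    """Listener context that aborts the handshake unless the caller presents a
    certificate chaining to the internal CA (the three paths are assumptions)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED      # CERT_OPTIONAL still admits anonymous callers
    ctx.load_cert_chain(cert_file, key_file)  # this service's own identity
    # Trust only the internal CA; the system store would accept any public certificate.
    ctx.load_verify_locations(cafile=internal_ca_file)
    return ctx

def audit_server_context(ctx):
    """Return findings for a listener context that does not enforce client authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required: " + ctx.verify_mode.name)
    elif ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no CA loaded to verify client certificates")
    return findings

def caller_identity(peercert, allowed_identities):
    """Map a verified peer certificate (the dict from SSLSocket.getpeercert())
    to an allowed service identity, or None. A valid chain only proves the CA
    issued the certificate, not that this caller may use this endpoint."""
    for kind, value in peercert.get("subjectAltName", ()):
        if kind in ("DNS", "URI") and value in allowed_identities:
            return value
    return None

# Constructed sample data: one allowed caller and the SAN field of its certificate.
ALLOWED = {"spiffe://example.internal/billing"}
SAMPLE_PEERCERT = {"subjectAltName": (("URI", "spiffe://example.internal/billing"),)}

if __name__ == "__main__":
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # server-auth only by default
    print(audit_server_context(default_ctx))
    print(caller_identity(SAMPLE_PEERCERT, ALLOWED))
```

Replay resistance here comes from the TLS handshake itself, in which each side proves possession of its private key over fresh handshake data rather than sending a reusable credential.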