ASVS Requirement 13.2.1

• Level: 2
• Chapter: V13 Configuration
• Section: V13.2 Backend Communication Configuration
• Source: 0x22-V13-Configuration.md

Description

Verify that communications between backend application components that don't support the application's standard user session mechanism, including APIs, middleware, and data layers, are authenticated. Authentication must use individual service accounts, short-term tokens, or certificate-based authentication and not unchanging credentials such as passwords, API keys, or shared accounts with privileged access.