Secure Coding

Previous Topic
Next Topic

Data Flow Diagram

Secure Coding Threat Modeling Data Flow Diagram

A data flow diagram shows the different systems in an architecture, the boundaries, and how the data flows between them, without giving information about the decision flows or loops.

To express the data flows in a system, the following elements are used:

  • Input/Output: represented by rectangles, they show the places where a user or another system can input information
  • Data store: represented by two parallel lines, they show the files, databases, etc. where data and configuration are stored
  • Function: represented by a circle, they show any part of the system that processes information
  • Flow: represented by arrows, they show the data connections between different parts of the system
  • Trust Boundary: represented by a line, it shows the separation between levels of trust
Example of Data Flow Diagram for a simple ToDo List Web App

Data Flow Diagrams can be created at different levels of detail. For the goals of Threat Modeling, we need just an overview of all data stores, processes, and data flows. This is enough to identify potential attack paths and vulnerabilities during our brainstorming session.

Previous Topic
Back to Lesson
Next Topic
Scroll to Top