A data flow diagram shows the different systems in an architecture, the boundaries, and how the data flows between them, without giving information about the decision flows or loops.
To express the data flows in a system, the following elements are used:
Input/Output: represented by rectangles, they show the places where a user or another system can input information
Data store: represented by two parallel lines, they show the files, databases, etc. where data and configuration are stored
Function: represented by a circle, they show any part of the system that processes information
Flow: represented by arrows, they show the data connections between different parts of the system
Trust Boundary: represented by a line, it shows the separation between levels of trust
Example of Data Flow Diagram for a simple ToDo List Web App
Data Flow Diagrams can be created at different levels of detail. For the goals of Threat Modeling, we need just an overview of all data stores, processes, and data flows. This is enough to identify potential attack paths and vulnerabilities during our brainstorming session.