Data-flow diagram elements
Data-flow diagrams are made up of shapes that create graphical representations of your system. Each shape represents a unique function. Each interaction is analyzed to help you identify potential threats and ways to reduce risk.
Using shapes correctly helps you receive better input from colleagues and security teams. They allow everyone to understand how the system works. It can also help everyone avoid going through countless design documents and development plans to get them up and running.
Note
If you fail to properly account for all the parts of a system in the data-flow diagram, you'll risk deploying the system with potential vulnerabilities.
| Element | Shape | Definition | Example |
|---|---|---|---|
| Process |  |
Task that receives, modifies, or redirects input to output | Web service |
| Data store |  |
Permanent and temporary data storage | Web cache and Azure DB |
| External entity |  |
Task, entity, or data store outside of your direct control | Users and third-party APIs |
| Data-flow |  |
Data movement between processes, data stores, and external entities | Connection strings and payloads |
| Trust boundary |   |
Trust zone changes as data flows through the system | Users connecting to a secured corporate network over the internet |
In the next few units, we discuss each of the elements.