Data-flow diagram elements

Completed

Data-flow diagrams are made up of shapes that create graphical representations of your system. Each shape represents a unique function. Each interaction is analyzed to help you identify potential threats and ways to reduce risk.

Using shapes correctly allows you to receive better input from colleagues and security teams. Everyone will then understand how the system works. It can also help them avoid going through countless design documents and development plans to get them up and running.

Note

If you fail to properly account for all the parts of a system in the data-flow diagram, you'll risk deploying the system with potential vulnerabilities.

Element Shape Definition Example
Process Process. Task that receives, modifies, or redirects input to output Web service
Data store Data Store. Permanent and temporary data storage Web cache and Azure DB
External entity External Entity. Task, entity, or data store outside of your direct control Users and third-party APIs
Data-flow Data-flow. Data movement between processes, data stores, and external entities Connection strings and payloads
Trust boundary Trust Boundary Box. Trust Boundary Line Trust zone changes as data flows through the system Users connecting to a secured corporate network over the internet

We'll discuss each element in the next few units.