What is Data Flow Diagram (DFD)?

A data flow diagram (DFD) is a visual representation of how data moves through a system. It captures four element types: processes (which transform data), data stores (which hold it), data flows (which move it), and external entities (which send or receive it).

DFDs are a foundational tool in threat modeling because threats are easiest to reason about where data crosses boundaries. By drawing where data goes and who touches it, teams can systematically ask what could go wrong at each element — for example by applying STRIDE.

Drawing and maintaining DFDs by hand is one of the most time-consuming parts of traditional threat modeling. Automated approaches infer data flows directly from code and architecture so the diagram never has to be drawn manually.