Data flow

Data flow is the path that data takes as it enters an application’s trust boundaries, traverses the application, and ultimately leaves the application as output. Exploring data flow helps you understand how the application processes data and spot certain potential vulnerabilities, such as cross-site scripting (XSS).

When exploring a data flow, it’s helpful to look at the data flow steps:
  • Source is a step where external data enters the application.
  • Propagator is a step where the data is processed by the application.
  • Sink is a step where the data reaches its destination, for example, when it is saved to a database.

At each step, an attacker can maliciously manipulate and abuse the data.
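
The three steps can be traced in a few lines of Python. This is an added example, not code from the original page: the `Traced` record, the helper functions, and the request parameter are hypothetical names, and the input is constructed. It follows one value from a source through propagators to an HTML sink and reports a possible XSS when untrusted data arrives there unescaped.

```python
import html
from dataclasses import dataclass, field

@dataclass
class Traced:
    """A value plus the data-flow steps it has passed through (hypothetical helper)."""
    value: str
    tainted: bool
    steps: list = field(default_factory=list)

def source(params, name):
    # Source: external data (a query parameter) crosses the trust boundary.
    return Traced(params.get(name, ""), True, [f"source: query parameter '{name}'"])

def propagate(data, func, label, sanitizes=False):
    # Propagator: the application transforms the data. Taint survives unless
    # the transformation is a sanitizer suited to the eventual sink.
    return Traced(func(data.value), data.tainted and not sanitizes,
                  data.steps + [f"propagator: {label}"])

def html_sink(data):
    # Sink: the data leaves the application as part of an HTML response.
    steps = data.steps + ["sink: HTML response body"]
    finding = ("possible XSS: untrusted data reaches HTML unescaped"
               if data.tainted else None)
    return f"<p>{data.value}</p>", steps, finding

def greet_unsafe(params):
    name = propagate(source(params, "name"), str.strip, "str.strip")
    return html_sink(name)

def greet_safe(params):
    name = propagate(source(params, "name"), str.strip, "str.strip")
    name = propagate(name, html.escape, "html.escape", sanitizes=True)
    return html_sink(name)

# Constructed sample request, not taken from the page.
REQUEST = {"name": "  <script>alert(1)</script> "}

if __name__ == "__main__":
    for handler in (greet_unsafe, greet_safe):
        body, steps, finding = handler(REQUEST)
        print(handler.__name__, "->", body)
        for step in steps:
            print("   ", step)
        print("    finding:", finding)
```

Trimming whitespace is a propagator but not a sanitizer, so the value is still flagged at the sink; only escaping that matches the sink's context (HTML here) clears the flag.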