Quiz Entry - updated: 2026.07.14
When would you use a system architecture diagram versus a sequence diagram for security analysis?
Use an architecture diagram to find entry points and trust boundaries (attack surface); use a sequence diagram to spot flaws in a specific flow (skipped steps, replays).
Different diagrams reveal different security concerns:
| Diagram | Best For | Security Questions It Answers |
|---|---|---|
| System Architecture | Threat modeling, attack surface analysis | "What could an attacker target? Where are the entry points? Where are trust boundaries?" |
| Sequence Diagram | Analyzing specific flows and timing | "What if step 3 is skipped? What if this response is replayed? Where should validation occur?" |
Example: OAuth2 security issues become clear in a sequence diagram (authorization code flow timing), while a system diagram shows whether the authorization server is properly isolated from the resource server.
Use both together for comprehensive security analysis.