Understand flow maps

The application flow map provides an interactive view of where data and resources are shared within your organization and beyond it.

When you view a flow map for an application, the information is organized into three connected sections:

  •  Application architecture: This section breaks down the view, presentation and service layers of the application's front end. You can also see foundational information about the application, including the environments in which it's deployed, letter grade, vulnerability statuses and attack status. There are three layers to this section:

    • View: This column displays the layer of technologies that determine what a browser sees and processes.

    • Presentation: This column displays the layer of libraries that generates the application view.

    • Service: This column displays the layer comprised of the database, LDAP driver or back-end code performing the application logic.

    Hover on an item in any of the lists to see how many instances of each type of library are used in the application, or click on the library to go to the library's page. If the agent reports any vulnerabilities, a warning icon appears beside the library in which they were found; hover over the icon for links to the vulnerabilities' Overview pages.

  • Back-end systems: These columns display each of the systems to which your application is connected. Hover on the cylinder icon for databases, the globe icon for URLs, or the plug icon for LDAP databases to see more details on each system; click on an icon to highlight its connection to other applications. A solid line with lock indicates that the connection is encrypted; a dashed line shows that the connection is unencrypted or the state of encryption is unknown.

  • Connected applications: This column lists each of the applications that are connected to the primary application by a back-end system. To see connected applications that meet specific criteria, click the funnel icon to select filters from the dropdown, such as environment, application language and custom tags. The menu also shows session metadata fields for the primary application (not the connected applications), if available. Select See Flowmap to go to the Flow Map tab for that application.


If the agent isn't currently reporting data for the current application, the Back-end systems and Connected applications sections are left blank.


 If the application is being accessed by another user while you're viewing the flow map, the Browser tab appears with a list of the browsers on which it's being accessed. Hover over the icons to see more details, such as the browser type and version.