Security Flashcards

High-quality, handwritten flashcards about web application weaknesses as downloadable DRM‑free files.

For learning and building secure software.

Learning Has Never Been More Fun

Each flashcard covers exactly one web application weakness and describes it both as text and as a visualization. This combination creates a unique learning experience that helps the brain remember the material much more easily than traditional learning methods.

Build More Secure Software

Use the cards in your company. Replace boring and demotivating security checklists with a unique security check experience.

Use the cards to gamify the Sec part of your DevSecOps strategy. For instance, identify relevant cards for your software and check that each weakness is mitigated for each change.

45 Weaknesses

The cards cover 33 common web application security weaknesses (e.g. SQL injection, open redirect, insecure deserialization, path traversal, insecure direct object reference, HTTP verb tampering, cross-site scripting, improper input validation, etc.) and 10 machine learning weaknesses.

Get Updates for Free

I regularly add new flashcards to the deck and fix mistakes. Whenever an updated card deck is available, you can download it for free.

Get Your Security Flashcards

(non-commercial use / single-user)

You want security flashcards? Ok, then let's talk about the deal!

If you pay me 9.99€ (taxes included), I will give you:

  • 45 flashcards as DRM-free PNG and PDF files.
    (details: 45 PNG files, 1 PDF in A6 with one flashcard per page, 1 PDF in A4 with four flashcards per page, 45 PDF files in A6 with one file per flashcard)
  • You get the files in a ZIP archive (70MB) that you can download. I will send you the download link for that archive via email after you have completed the purchase.
  • The PNG files have a size of 1748x1240 pixels. This size allows you to print the cards on A6 paper (148x105mm) at 300dpi.
  • The download link will be valid for 48 hours.
    If you need to access the ZIP archive after the download link has expired, just send me an email and I will send you a new download link.

Do you like that deal? Then fill out the following form to get your copy of the security flashcards.


Commercial Use


Would you like to give the employees in your company access to the flashcards (e.g. to increase security awareness, to integrate them into your DevSecOps strategy, etc.)?

No problem. Please send me an email so that we can discuss the details.

The prices are as follows (without taxes):

50 Users
100 Users
101+ Users

Frequently Asked Questions


Who created Security Flashcards?

It's me, Daniel Etzold (@_etzold). I'm an IT Security Architect and Security Flashcards is a side project of mine.


I have a question or want to give feedback. How can I contact you?

Just send me an email to


I have found an error on a flashcard. Can I report that error?

Sure, I would appreciate this. Just send me an email so that I can fix it. If you like, I will add your name to the hall of fame (which currently does not exist as nobody has found errors so far).


Can I use the flashcards in my own projects?

Yes, absolutely. Seeing others being inspired by my work makes me proud and happy. :)

However, if you integrate the flashcards into projects or products that you plan to publish or sell, please approach me to ask for permission. In general I’m happy to give permission (except in a very few situations) and I’m very flexible and open to discussion.
