High quality, handwritten flashcards about web application weaknesses as downloadable DRM‑free files.
For learning and building secure software.
Each flashcard covers exactly one web application weakness and contains a description of the weakness as text and as a visualization. This combination creates a unique learning experience which allows the brain to remember the learned stuff much easier than compared to traditional learning methods.
Use the cards in your company. Replace boring and demotivating security checklists with a unique security check experience.
Use the cards to gamify the Sec part of your DevSecOps strategy. For instance, identify relevant cards for your software and check that each weakness is mitigated for each change.
The cards cover 33 common web application security weaknesses (e.g. SQL injection, open redirect, insecure deserialization, path traversal, insecure direct object reference, HTTP verb tampering, cross-site scripting, improper input validation, etc) and 10 machine learning weaknesses.
I regularly add new flashcards to the deck and fix mistakes. Whenever an updated card deck is available you can download that card deck for free.
You want security flashcards? Ok, then let's talk about the deal!
If you pay me 9.99€ (taxes included), I will give you:
Do you like that deal? Then fill out the following form to get your copy of the security flashcards.
You would you like to give your employees in your company access to
the flashcards (e.g. to increase security awareness, to integrate them into your DevSecOps
No problem. Please send me an email () so that we can discuss the details.
The prices are as follows (without taxes):
It's me, Daniel Etzold (@_etzold). I'm an IT Security Architect and Security Flashcards is a side project of mine.
Just send me an email to
Sure, I would appreciate this. Just send me an email so that I can fix it. If you like, I will add your name to the hall of fame (which currently does not exist as no body found errors so far).
Yes, absolutely. Seeing others being inspired by my work makes
me proud and happy. :)
However, if you integrate the flashcards in projects or products that you plan to publish or sell, please approach me to ask for permission. In general I’m happy to give permission (except for a very few situations) and I’m very flexible and open for discussions.