Further Learning Resources
Now that you have some understanding of what web application testing is, how to set up your learning/playground environment and how to use some tools, you're likely wanting something to hack and play with.
Fortunately, there are many, many resources out there for learning the trade and the skills. I have alluded to resources in past posts that are worth checking out; here they are again to allow you to get your feet wet.
Web Applications for Learning on
- Damn Vulnerable Web Application (DVWA)
- OWASP WebGoat
- OWASP List of Vulnerable Web Applications
- PentesterLab - A Collection of Exercises to Learn Testing
- VulnHub - Not specifically all web app learning but some great VMs to play with
Great Reading Resources
- Web Hacking 101 by yaworsk - I highly recommend checking Pete's book out; it has a collection of bug bounty reports and resources for information on different findings others in the field have found and disclosed to companies.
- Web Application Hacker's Handbook 2 - This is a bit dated in terms of reading material; however, the underlying fundamentals are still applicable to testing nowadays. The physical books are nice to have; however, you can source them on the internet using advanced Google searches, but I'll leave that up to you.
- Mastering Modern Web Applications - A newer take on web application penetration testing, it has some great resources and information contained within it. Stacks up well alongside WAHH2.
- The Tangled Web: A Guide to Securing Modern Web Applications - A great book about how the web works in security and how to better assess issues.
- Hacking with GitHub - A repository of writeups, guides and information on web application hacking and testing. Well worth spending some time reading up on the resources available to better your skillset and knowledge. Regardless of your level, every day is a school day, and you should always be willing to look into new things and learn a new skill or technique every day.