The materials and labs exloded over the last months:
Web cache poisoning
Information disclosure vulnerabilities
Cross-site request forgery (CSRF)
XML external entity (XXE) injection
Clickjacking (UI redressing)
Cross-origin resource sharing (CORS)
Server-side request forgery (SSRF)
HTTP request smuggling
OS command injection
Server-side template injection
Access control vulnerabilities and privilege escalation
Testing for WebSockets security vulnerabilities
The full list of labs is not included here, it is simply too long!
Link: Web Security Academy
Content: Teaches the basics of Web Application Security, so far SQL Injection, XSS, OS command injection and File Path traversal. Comes with small labs.
Career: Penetration Tester but I recommend it also for everyone interested in security
The description from the originial website:
“Welcome to the Web Security Academy. This is a brand new learning resource providing free training on web security vulnerabilities, techniques for finding and exploiting bugs, and defensive measures for avoiding them.
The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you. Best of all, everything is free!”
For tracking and doing the labs you need to create an accout.
I found the explanations and the labs very suitable for beginners and I think it is a great starting point for web application security.
The team behind it is the same that is behind the Burpsuite and the famous Web Application Hackers Handbook (consider buying it if you want to go deeper into the topic):
The Web Application Hackers Handbook
Authors: Daffy Stuttard, Marcus Pinto
Content: The standard book about hacking Web Applications, goes into depth about the most important topics. Authors also created the BurpSuit.
Career: Penetration Tester
Level: Good for beginners, but also useful for experienced penetration testers