Link: Web Security Academy Content: Teaches the basics of Web Application Security, so far SQL Injection, XSS, OS command injection and File Path traversal. Comes with small labs. Career: Penetration Tester but I recommend it also for everyone interested in security Level: Beginner Price: Free
The description from the originial website: “Welcome to the Web Security Academy. This is a brand new learning resource providing free training on web security vulnerabilities, techniques for finding and exploiting bugs, and defensive measures for avoiding them. The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you. Best of all, everything is free!”
For tracking and doing the labs you need to create an accout.
I found the explanations and the labs very suitable for beginners and I think it is a great starting point for web application security.
The team behind it is the same that is behind the Burpsuite and the famous Web Application Hackers Handbook (consider buying it if you want to go deeper into the topic):
The Web Application Hackers Handbook Authors: Daffy Stuttard, Marcus Pinto Content: The standard book about hacking Web Applications, goes into depth about the most important topics. Authors also created the BurpSuit. Career: Penetration Tester Level: Good for beginners, but also useful for experienced penetration testers Buy at Amazon U.S. Buy at Amazon Germany