Dear All,
If you are new in the field of web application security, then here are some of the resources that can help you get started.
BOOKS
The web application hackers handbook - Stuttard & Pinto --> the best resource to start from basics.
ONLINE RESOURCE
Start with the basics, Learn from MDN docs, visit the site - https://developer.mozilla.org/en-US/
and read from the resources section. A lot of foundational stuff is there.
The OWASP foundation's OWASP top 10 - https://owasp.org/www-project-top-ten/
The foundation of all the web application testing that you will be doing.
Practical hands-on learining
TOOLS
List is long, depending on your objectives, the most basic ones will be - BurpSuite community edition, OWASP ZAP, Browser - Yes, learn to utilize the features of your web browser it will be helpful.
for specific use case on other tools, you can open a thread and ask, but the above tools will help you start your journey to web app security.
VIDEOS
There are multiple channels on youtube that teaches about the web application security, you can search on your own and try to understand the web security vulnerabilities from multiple sources and expand your knowledge.
Web Articles
you can use Reddit and its sub topic r/netsec
if you use telegram - t.me/RNetsec
do drop a message if you need more information.
Remember - Persistence is the key.
Best of luck to all.
Regards,
EvolutionSec.