When I was learning web penetration testing / security, I found it really hard to put the bits and pieces together. There are a lot of labs, but the basics are not really explained in depth. The attack simply "works" and you are left thinking why it did. After 7 years in AppSec and multiple expert level certifications, I built AppSecMaster, with clear learning tracks for all skill levels. Each lab has its code attached, where you can spot the insecure code and also a live instance for you to test on. Solutions are explained in detail, starting from the core concepts. There are lots of free / master tier challenges. For expert level users, we also have big applications (mansions) that help prepare you for top level code review certifications.
Best of luck to all
1 comments