If you are new to web application security, or looking to develop your existing knowledge, a great resource is The Web Application Hacker's Handbook. Co-authored by the creator of Burp, this book is a practical guide to finding and exploiting security flaws in web applications, and aims to be the most deep and comprehensive general purpose guide to hacking web applications that is currently available.

If you are looking for more practical experience in security testing of web applications, you could come on our training course, WAHH - Live Edition. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the forthcoming second edition of WAHH, bringing the book right up to date with the latest attacks.