The Hacker101 Capture the Flag challenges are great practice for learning web application security.

If paired with the accompanying course you will have relatively little issue getting invites.

It took me around an hour and a half to get a single invite to a private program. There are challenges from Beginner to Intermediate difficulty.

If paired with a PentesterLab subscription, The Web Application Hackers Handbook, running Damn Vulnerable Web Application and attacking. Plenty others exist but these are the best sources in my exerience (which isn’t much :)).

Tags: ,