s          ..                                 
    :8    < .z@8"`        ..                       
   .88     !@88E         @L             u.    u.   
  :888ooo  '888E   u    9888i   .dL   x@88k u@88c. 
-*8888888   888E u@8NL  `Y888k:*888. ^"8888""8888" 
  8888      888E`"88*"    888E  888I   8888  888R  
  8888      888E .dN.     888E  888I   8888  888R  
  8888      888E~8888     888E  888I   8888  888R  
 .8888Lu=   888E '888&    888E  888I   8888  888R  
 ^%888*     888E  9888.  x888N><888'  "*88*" 8888" 
   'Y"    '"888*" 4888"   "88"  888     ""   'Y"   
             ""    ""           88F                
                               98"                 
                             ./"                   
                            ~`                     
Musings from a mediocre hacker

Hacker101 CTF Private Program Invite

The Hacker101 Capture the Flag challenges are great practice for learning web application security.

If paired with the accompanying course you will have relatively little issue getting invites.

It took me around an hour and a half to get a single invite to a private program. There are challenges from Beginner to Intermediate difficulty.

https://www.hacker101.com/videos

https://ctf.hacker101.com/

If paired with a PentesterLab subscription, The Web Application Hackers Handbook, running Damn Vulnerable Web Application and attacking.
Plenty others exist but these are the best sources in my exerience (which isn’t much :)).