Have some time on your hands and looking to learn about web app pen testing? Here's some advice for getting started.
Six months ago, I started my own journey learning web app penetration testing from scratch. Several people have asked me to compile these resources into one compendium aimed at those with little or no experience in information security. This list features free and open source learning materials.
For those purely interested in finding vulnerabilities for bug bounty programs, there are open source scripts you can use to quickly scan web apps. Pen testing, however, is a methodical process that requires fundamental knowledge. To find trickier vulnerabilities, like business logic flaws or race conditions, you must have a complete understanding of how the Internet and web applications function. Building a foundation in the fundamentals will make it easier to find all vulnerabilities and will give you the context needed to assess risk.