βOWASP Web Security Testing Guide - comprehensive guide to testing the security of web applications and web services created by the OWASP foundation.
There is a bug bounty focused search engine at https://www.bugbountyhunting.com/? that can point you in the direction of tools, attacks, methodology, writeups, anything you want. It is amazing.
βbounty-targets-data - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
βhttps://www.webgap.io/ - WEBGAP remote browser isolation physically isolates you from the risks of using the internet by isolating your web browsing activity away from your local device.
βhttps://requestbin.com/ - A modern request bin to collect, inspect and debug HTTP requests and webhooks
βRace-the-web - Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
βDVCS-Ripper - Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, etc.
βcrAPI - completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.