Web App Testing Methodology
HowToHunt - Amazing collaborative project documenting testing methodology for different web application vulnerabilities.
Web App Testing Cheatsheets, Tools, and Resources
XSS-Rat's WAF Checklist - Everything you need to do to bypass a Web Application Firewall.
Misc Handy tools
Unfurl - Tool for breaking down a URL to better understand its components.
Fake credit card numbers for testing payment systems
Nahamsec's Resources for Beginning Bug Bounty Hunters - The tool set, resources, and how to guides from one of the top ranked Bug Bounty hunters in the world. He produces a ton of amazing content, videos, and even live streams of him hunting.
XSS-Rat's Free Bug Bounty Guide - Amazing chap with amazing content. If you like this guide, check out his other content. His premium content is cheap and well worth it.
https://www.bugcrowd.com/bug-bounty-list - The most comprehensive, up to date crowdsourced list of bug bounty and security vulnerability disclosure programs from across the web curated by the hacker community.
All learning materials | Web Security Academy - This platform has replaced the Web Application Hackers Handbook as the go to learning resource for web application knowledge. Huge list of attacks, resources, and documentation on how to exploit or defend them. There are also amazingly handy hands on labs that you can complete with the community version of Burp!
Burp Suite Certified Practitioner - The official Burp Suite user certification from PortSwigger
Bugcrowd University | Bugcrowd - Resources and training from one of the top Bug Bounty platforms on the market.
Burp Suite: In Depth Survival Guide | Udemy - Burp Suite is huge and complex. This course is a fantastic way to start making sense of all the utility in the tool
Web Application Hackers Handbook (Depreciated) - A great resource, but everything that is in it and more has been posted up with labs at https://portswigger.net/web-security
Operator Handbook - Netmux
Operator Handbook: Web_Exploit - pg.318