Web Security – Penetration testing of Web Applications


Web security is the most basic and easiest area in which to start pentesting.

Web penetration testing, or web application testing, covers a large area. If you want an introduction, you should know, or have done, some web development. In other words, you should know very well how the Internet works. It calls for strong HTML/CSS, JavaScript and Python, plus the frameworks currently in use, such as Django and Node.

You should keep regularly up to date with current security news. You should also stay in contact with OWASP members.

OWASP stands for Open Web Application Security Project. It is an open source community for security people.

Once you are comfortable with basic web development, learn a scripting language. PHP is a must, as it powers most websites and is also a favourite of hackers since it appears to be more vulnerable than other scripting languages. You should also learn Python for writing tools and scripts that automate tasks. For more knowledge, you may learn Ruby (tools like Metasploit are written in Ruby) to build more precise tools that make your testing easier.

WebApp pentesting looks easy in the beginning, but if you go deeper, to the level of APIs, things become more complex. APIs are used on a large scale these days, so they are a new field of research with different approaches to exploitation.

The books I personally suggest are:

1. The Hacker Handbook, written by the creator of Burp Suite.

2. Modern Web Pentesting, after reading the first book.


For motivation, I would suggest watching the DEF CON videos on YouTube; you will see the level of hacking there.

For more genuine hacking-related videos, subscribe to my channel TheHackerStuff.

Happy Hacking

Akshay Sharma

Inner Cosmos
