WEB SECURITY :-
Web security is the most basic and easiest to start Pentesting .
For more security easily Telegram channel https://t.me/thehackerstuff.
You should be regularly updated to the current security news . One should also stay in contact with OWASP members .
OWASP stands for Open Web application security . It is an open source community for security guys .
If you get comfortable with some basic web development then do learn some scripting language like Php is must as it consists the most part of the websites and also the favourite of the hackers since it appears to be more vulnerable than any other scripting languages . For scripting languages you should learn python more making tools or scripts to make automate the tasks . For more knowledge you may learn Ruby (tools like metasploits are made in ruby ) to make more precise tools to make you testing easy .
WebApp pentesting looks easier in the beginning but onto the more precise level if you go deeper then API then things become complexer. These days API are used on a large scale so its a new field of research and differents approaches to exploit.
The books i personally suggest are :-
- The hacker handbook written by the creator of burp suite .
2. Modern Web Pentesting after reading the first book.
For motivation I would suggest to watch the Defcon videos on Youtube , you will see the level of hacking there.
For more geniune hacking related videos subcribe to my channel TheHackerStuff.