The Open Web Application Security Project (OWASP) group is one of the best resources we can use for gathering information on not only the different types of attack, but also the ways to defend from them and secure coding guidance. As we are in our testing mode, we will concentrate on the attacks. An excellent reference for this is the OWASP top ten attacks. You can download the latest version from https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
The OWASP group also has an excellent tutorial called WebGoat. You can find more information about the tutorial at https://www.owasp.org/index.php/OWASP/Training/OWASP_WebGoat_Project.