Web Hacking Fundamentals

Buffer Overflow

SQL - SQL Injection

OWASP (Open Web Application Security Project)

If you are looking for vulnerable webapp here are some good lists :

• Hacking Vulnerable Web Applications Without Going To Jail
• Deliberately Insecure Web Applications For Learning Web App Security
• Pentest-Ground