A mediocre, haphazardly put together cheat sheet with often application-specific examples. Pick up The Web Application Hacker's Handbook instead, or read the OWASP Testing Guide.

Thank you for not bashing without providing alternatives

I think that's a bit harsh, it does say 101 and it does provide context to a new developer as to the types of stuff possible. It's at least a positive launching point for further investigation...

Well yes, that is exactly what that is. However, you made it sound as if it were wrong for such a thing to exist. Without the proper context, how do we know that that wasn't exactly what the author intended to do?

Furthermore, in the later pages the document does mention the OWASP testing guide.

Maybe the title is a bit misleading? Let a mod change it to the original one: "Tactical Web Application Penetration Testing Methodology"

This is a good rough draft but it lacks a lot of basic background information. It reminds me of trying to teach programming by only providing a collection of code snippets, these are useful but they won't replace true guidance and they can become a dangerous learning crutch. Don't forget who your audience is (or who you're attracting with a title like Web Hacking 101) and remember that when you write you should be focusing on making it as easy to read and understand as easy as possible for them. Explain the whys behind taking certain steps such as why you should be google searching for sql errors (saves you time, it's easy, google cache pages can show details about errors that are not longer visible on the live site, and most importantly what sql is and the implications of an error).

While it's not about technical writing I think Kurt Vonnegut's advice will help you to make a better write up. Specifically #7. -- Pitty the Readers[0]

Vonnegut mentions The Elements of Style[1] which you'll find useful if you're struggling to give detailed explanations

[0] http://peterstekel.com/PDF-HTML/Kurt%20Vonnegut%20advice%20t...

[1] http://faculty.washington.edu/heagerty/Courses/b572/public/S...

Maybe this would be better marketed as a cheatsheet.

not sure if im just old hat, but it always cracks me up when i see security advice in a PDF. I know PDF readers might have improved their track record (actually, have they?), but to me they still give me chills like opening some random .doc off the internets

So how do libpdf and pdf.js fare in comparison to the likes of Adobe Reader in terms of security? I've found that I only use those two these days, even for offline PDFs.

You're not the only one and there's a reason why these links are marked with a "[pdf]" warning.

There are some targets to practice on (such as WebGoat[1]) in the answers to this security.stackexchange question:

http://security.stackexchange.com/questions/21523/sample-vul...

[1] https://www.owasp.org/index.php/Category%3aOWASP_WebGoat_Pro...

Thanks for the link, that is a really cool resource!

This is about 'cracking' - security exploits etc. - rather than a general guide to web programming (which is what I expected).