Providing a hands-on approach to learning web security, PentesterLabs has both a bootcamp curriculum and several exercises available for free (in addition to paid content). Working through their bootcamp and doing the exercises is a great way to start learning web security!

Web For Pentester

A set of the most common web vulnerabilities: XSS, SQLi, directory traversals, file includes, code injection, command injection, XML attacks, file uploads, and LDAP attacks.