Security for Web Developers: 15: Testing Guides and Aids

By the Book

There are lots of methodologies, more or less formal, for testing your web app’s security. OWASP is, of course, a biggie.

https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf

And don’t forget tools for particular platforms, for instance WordPress.

http://wpscan.org/ (this is great)

Next: https://schoolforhackers.com/security-web-developers-best-practices/