This is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.
OWASP WEB SECURITY TESTING GUIDE.
This contains info about the whole testing framework and the standards involved along.
XSS/CSRF/SQL injection - easy explanations