This document introduces common web hacking techniques such as SQL injection, local/remote file inclusion (LFI/RFI), cross-site scripting (XSS), session hijacking, web shells, and provides a demonstration of exploiting vulnerabilities on a vulnerable web application. It also lists resources for learning about ethical hacking of web applications such as courses, YouTube playlists, and security blogs.