This document discusses various tools and resources for exploiting vulnerabilities like injection and cross-site scripting (XSS). It summarizes the OWASP Top 10 list of most common web app vulnerabilities in 2013. It then provides information on tools like Kali Linux and browser extensions that can be used to find vulnerabilities. Finally, it describes some deliberately vulnerable web apps like WebGoat, DVWA and Gruyere that can be used for testing and training purposes.