RasPwn OS is where you can download RasPwn for your Raspberry Pi 3. You need an 8GB MicroSD card or larger.

The OWASP Top 10 has a lot of content to go through, but understanding frequent mistakes and common vulnerabilities is a must for getting your feet wet.

Authentication Bypass with SQL Injection is an example of how to bypass certain types of vulnerable auth models

OWASP ZAP is a web application attack tool and intercept proxy included in Kali Linux that has a lower learning curve for beginners

Burp Suite is a family of more feature-rich web application attack tools used by professionals. The community edition is included in Kali Linux.

Mariem's walk-through of OWASP Bricks, one of the easier sets of challenges included in RasPwn.