Description

SQL Injection overview by OWASP

SQL injection by Wikipedia

SQL statement in request parameter by PortSwigger
SQL injection (basic) by PortSwigger
SQL injection (second order) by PortSwigger
Client-side SQL injection (DOM-based) by PortSwigger
Client-side SQL injection (reflected DOM-based) by PortSwigger
Client-side SQL injection (stored DOM-based) by PortSwigger

Articles

The Ultimate SQL Injection Payload by Detectify

Videos

DEFCON 17: Advanced SQL Injection
Hacktivity 2012 - Joe McCray - Big Bang Theory - Pentesting high security environments

Tools

Sqlmap by Miroslav Stampar

...

Description

Cross-site Scripting (XSS) by OWASP

Cross-site scripting by Wikipedia

Cross-site scripting (DOM-based) by PortSwigger
Cross-site scripting (reflected) by PortSwigger
Cross-site scripting (reflected DOM-based) by PortSwigger
Cross-site scripting (stored) by PortSwigger
Cross-site scripting (stored DOM-based) by PortSwigger
Browser cross-site scripting filter disabled by PortSwigger

Tools

KNOXSS by Brute Logic
XSS Hunter by Mandatory

...

Description

Cross-Site Request Forgery (CSRF) by OWASP

Cross-site request forgery by Wikipedia

Cross-site request forgery by PortSwigger

...