Recently I started working on application security. Worked as a backend software engineer for my years, had some basics, but now I get to learn how to hack a system.
These are the vulnerable apps that helped me a lot to learn new concepts:
Checkout the docker-compose files: dev-setup-security
To get my basics right, I used Security Knowledge Framework.