Don't forget to do some preliminary study and perhaps research, and if you haven't already checked out some of my blogs, check this out: http://www.exploit-db.com/category/maxe/
There's also tons of information here, but also on the InterN0T forums: http://forum.intern0t.org/forum.php
and many others as well. Just be aware that not all guides are high quality guides, some are even incorrect and many, teaches you only the basics (of the basics sometimes), but InterN0T is a free and good place to start.
There's even threads about coding securely, how to identify the vulnerabilities in the code, e.g., in this thread: http://forum.intern0t.org/offensive-gui ... irgod.html
(which was originally posted there, before it was distributed to all the other websites. Please keep in mind that it was SirGod who wrote this.)
You can also find really good proof of concept's and possibly guides by RGod aka RetroGod, and well, this is not one of the resources I have shared often, but this one will help you (and hopefully many others too) quite a lot: http://www.blackhatacademy.org/security ... ploitation
There's plenty of web labs, both open source and commercial. I haven't tried many web app labs, but MDSec Labs are very heavy, and you may want to study the "Web Application Hacker's Handbook Second Edition" first (I'd say it's almost a requirement, but also to get the best experience), and the first edition of this book may be good as well.
What is important to keep in mind, that the MDSec Labs has a lot of content, and extreme amounts of variations of the same attack (haven't seen this in other labs), but there aren't cool things like: http://www.exploit-db.com/vbseo-from-xs ... php-shell/
, but there's a lot of nice things you can learn in there, including how to use Burp for a lot more tasks.
I did 4½ Labs, and it was a nice experience. The first 2 labs were piece of cake, but fun to do. I am planning on doing the rest of the labs, before making a complete review with good "details" (not actual solutions of course, just how I think the labs are), and the price is not bad. I used 5 credits for those 4½ labs, but I spent my time well and knew web app sec before playing in there.
So, with that being said, I hope you'll enjoy becoming a Penetration Tester, this is just the web app sec side, if you want to learn exploit development (for binary programs, etc.) then Corelan.be is one of the best places to go to.
If you want a nice overall, broad and deep certification, it's OSCP. I know you may think you'll save money on just doing OSCE, but that's very close to actual exploit development (such as 0days), and very targeted, so it is within pentesting, but it's not very broad compared to OSCP which is good for anyone
SANS courses, if you don't pay yourself, go for them. If you do, start with Offensive Security, or eLearnSecurity (Even though they're heavily web app sec focused, at least their exam is).
That's some of my best recommendations I can give for now