Thanks everone for responding!
I’m glad that I am not in this boat alone. (0:
Just a quick note, I do have the “Web Application Handbook” (all 600+ pages of it), but haven’t had a chance to sit down and read it. I am more of a hands-on type of learner, so that is why I wanted to start poking around some vulnerable apps.