Web Application Penetration Tester
Introduction to web app security testing
Web enumeration & Information gathering
Encoding, filtering & evasion basics
For brute forcing login pages start with this: usr/share/wordlists/metasploit/unix_password.txt because it contains default passwords.