The Web Application Hacker's Handbook is suggested a must-read by many experienced web application hackers. Although its 2nd and last edition was in 2011, it is still regarded a relevant and highly valuable resource to this date because of the comprehensive analyses and approaches explained in this book with regards to web application vulnerabilities and how to look for them. There are no new editions of the book after 2011. Instead, web security academy was established where users can learn web application hacking while working on free simulated labs at portswigger.net. The book is quite large with about 900+ pages but it is very worth reading for people interested in learning web application hacking and bug bounty programs. Even if someone may not want to read the whole book, it may still be a good idea to keep a copy of it for occasional reference.
The pdf version of the book is available for free download at
https://www.ketabton.com/book/12527
Other top rated or generally suggested web app hacking/bug bounty books as of date are 'Real-World Bug Hunting' by Peter Yaworski(I have already provided a link to it in a different thread with the same name), 'Bug Bounty Bootcamp' by Vickie Li, 'OWASP Testing Guide v4.0 or v4.2', 'The Hacker Playbook 2' (some may prefer Playbook 3 instead), 'Hacking APIs' by Corey Ball, 'Hands on Hacking' etc.
