Not sure about a site, but this book is awesome. OK, there is a site, one of the authors is the creator of the Burp Suite assessment tool. (portswigger.net)
I don't want to be the guy who just says read the FAQs, but this applies to your first question.
https://www.reddit.com/r/webdev/wiki/faq
​
Javascript is the language of the web; start with it. Learn HTML and CSS for styling. This will get you enough basic front end knowledge.
​
In order to be truly good at finding web vulnerabilites, you need to know the fundamentals of the web. Learning web dev is a good start, but you'll need to learn more indepth about how the web works. Also, there's more to pentesting than web. If you are looking into pentesting, you'll probably also want to look into other aspects of pentesting (exploiting binaries, finding vulns in mobile/desktop applications, etc.)
​
Two Must Reads for Web Pentesting:
Also a nice youtube channel for learning .
Last but not least, use CTFs to practice your skills (and maybe win some prizes).
Videos about CTFs:
Two Must Reads for Web Pentesting:
Also a nice youtube channel for learning .
Last but not least, use CTFs to practice your skills (and maybe win some prizes).
Videos about CTFs: