Are you really interested in Web security ????

For every other newbie, OWASP is certainly the place to start digging topics regarding web vulnerabilities and countermeasures. There are numerous projects ranging from automated tools to study guides.

If as a noob i have to start from then i would surely go with the following links

https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series

Now to practice what i have learned, rather than illegally hacking random websites, i would download webgoat and practice my skills over there.

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Metasploit shellcode obfuscation to bypass antivirus

1) An interesting article has been presented by foip on how to encode shellcode so as to avoid antivirus detection. You can read that article at the following link

http://funoverip.net/2011/09/simple-shellcode-obfuscation/


2) Another interesting tips has been given by Mark Bagget which is available at the following address

http://pen-testing.sans.org/blog/2011/10/13/tips-for-evading-anti-virus-during-pen-testing


3) Loading meterpreter in a dll

http://hype-free.blogspot.com/2009/01/loading-meterpreter-in-dll.html

Articles worth spending time on

1) Apache reverse proxy bypass

http://www.contextis.com/research/blog/reverseproxybypass/

2) Apache HTTP Server Reverse Proxy/Rewrite URL Validation Issue

https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue

3) HTML5 : Something wicked this way comes

http://blog.kotowicz.net/2011/11/html5-something-wicked-this-way-comes.html

4) Joshua Corman discovers HD Moore's Law

https://community.rapid7.com/community/metasploit/blog/2011/11/21/hd-moores-law

5) Android Data Stealing Vulnerability

http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/