The EC-Council approach

The EC-Council's Hacking and Hardening Corporate Web App/Web Site CAST 613 course (https://www.eccouncil.org/programs/web-application-security/) tackles a selection of the most impactful and feared attacks. Their course touches on the highlights and is focused on assisting developers in understanding how to better secure and test their applications. Given that the EC-Council does not have an offensive certification focused on purely web app pen testing, this course and certification can augment a more general pen testing methodology as learned in the EC Council's Certified Ethical Hacker (CEH) certification. As with many EC-Council certifications, materials are available either through their training courses or through third-party texts available at bookstores and online.

We'll refer to some more of the ethical guidelines from the EC-Council, but given that this is not as popular a path as their CEH, look at more established standards for web pen testing in particular.