Andrew Hoffman's "Web Application Security" for a solid grounding in vulnerabilities—their nature and causes.
PortSwigger Web Security Academy to build hands on attacking and vulnerability finding skills. After that, you're basically a bug hunter 😊
I also recommend TryHackMe and Hack The Box for practice, and Tanenbaum's "Computer Networks" if you want to understand information processes far beyond what you see in Burp Suite.
