This is a whitepaper that goes over methodologies for web application penetration testing. It is very thorough with examples and overviews.
You can download it from the following link: https://packetstormsecurity.com/files/download/146830/web-application-security-testing.pdf
Source: https://packetstormsecurity.com/files/146830/Web-Application-Penetration-Testing.html