Web basics
SQL injection
Path Traversal
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
These challenges should only be done after you've mastered cross site scripting.
Miscelleneous
These challenges are more difficult. Do these after you fully understand the rest.