Next, check out this page at the IronGeek site. WebGoat is probably the application from this page that you want to try first, its a great tutorial based introduction to the various classes of web vulnerabilities. Then test your skills breaking into these applications. WebGoat should show you how, the rest can be used as practice.
Check out the various web tools in BackTrack. Follow some tutorials on their use.
Have a good read of the OWASP site, especially the Testing Guide. See if you can use the Testing Guide to test one of the insecure web applications from the IronGeek site.
If you need more information the book "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws" is also a good reference.
Also keep in mind that cracking an executable doesnt have anything to do with web application penetration testing.