by Ariez 1958 days ago
(not OP)

Thanks for your book suggestion, would you say it's a bit dated now?

I found this: https://www.youtube.com/watch?v=3Kq1MIfTWCE&list=PLt_s8-zoCd...

It seemed like a decent introduction, I am a beginner programmer/developer (doing Odin project at the moment and only done some small projects before).

2 comments

Without knowing the book, I think that not that much has changed. There's something new every day, but just as keeping up with that is a regular task, so would be transitioning from the state presented in any book or tutorial to the practical application you are facing today. Everyone does stuff slightly differently, and by and large the attacks haven't really changed.

Memory corruption and cross-site scripting have both been around for decades and are still vulnerabilities you'll find daily in today's work. The only bugs that have actually gotten a lot better are sql-injection and password storage (not guidelines), the former with parameterized queries and the latter with hashing (even if it's frequently still plain sha1). But the principle still applies: just last week the customer put text into a json string ('''<script>data=JSON.parse("<?php echo $data;?>");</script>''') which is basically identical to an sql injection but with a different language (i.e. javascript). If you learned about sqli a decade ago, that knowledge still works today.
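
The template quoted in the comment above, modeled in Node.js as an added example (not part of the thread and not the commenter's code). It shows why raw text inside a script block fails on quotes and on a closing tag, next to a hardened form. The function names and sample inputs are constructed for illustration.

```javascript
// Added example: models the quoted PHP template in Node.js. All names and
// sample inputs are constructed for illustration.

// Pattern from the comment: text dropped raw inside a JS string literal.
function renderNaive(data) {
  return '<script>data=JSON.parse("' + data + '");</script>';
}

// Hardened: emit a JS literal via JSON.stringify, then \u-escape characters
// that the HTML parser (<, >, &) or older JS engines (U+2028/9) treat specially.
function renderSafe(value) {
  const literal = JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
  return '<script>data=' + literal + ';</script>';
}

// Rough model of a browser: the script body ends at the first "</script",
// whatever the JavaScript quoting says; the rest is parsed as markup.
function dataSeenByBrowser(html) {
  const start = html.indexOf('<script>') + '<script>'.length;
  const end = html.toLowerCase().indexOf('</script', start);
  const rest = html.slice(end + '</script>'.length);
  if (rest !== '') return { ok: false, reason: 'markup after script block' };
  try {
    const run = new Function('var data;' + html.slice(start, end) + ';return data;');
    return { ok: true, data: run() };
  } catch (e) {
    return { ok: false, reason: e.name };
  }
}

// Constructed inputs: plain JSON text, text with quotes, text with a closing tag.
const samples = ['[1,2,3]', 'He said "hi"', '</script><b>x</b>'];
for (const s of samples) {
  console.log(JSON.stringify(s), 'naive:', dataSeenByBrowser(renderNaive(s)).ok,
    'safe:', dataSeenByBrowser(renderSafe(s)).ok);
}
```

In PHP the corresponding hardened output is `json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` written directly into the script block rather than echoed into a quoted string.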

It’s hard to say. That video would be fine I think.

The security world is divided into two groups, the “testers” and the guys that make the tests.

As a tester, I don't know what you mean. I make my own tests, like, there's nobody telling me which checklist to work down when testing a particular webpage. Or do you mean the conceptual tests, i.e. finding whole new concepts such as XSS or <insert favorite javascript library> template injection?

Edit: From a comment[1] that happened to be just below yours when I loaded the page (emphasis mine):

> If penetration testing is your job [...] run a bunch of scripts/tools against a list of IP addresses/hostnames and generate a template-based report. That is tedious, mindless work.

> There's "security consulting" too which often involves a lot of actual penetration testing (not just running scripts)

Is that the distinction you're trying to make? I happen to be in the latter category but perhaps I'm branding myself wrong when I say I'm a tester (my business card says consultant, not tester, but I also test things so I felt addressed when you said tester).

[1] https://news.ycombinator.com/item?id=26057031