Finding vulnerabilities for fun and profit
There are several online sources available for learning about vulnerabilities, and many applications available to help detect them. As your familiarity with the various vulnerabilities grows, along with your skills in detecting them, you will be able to quickly identify and correct them or, preferably, fix them at the point of writing the code.
One great way to build your skills is to participate in bug bounty programs. A quick online search will reveal a number of them. Essentially, a company gives you authorization to test one of its online assets, and will potentially pay you for disclosing the vulnerabilities that you find. This is a great way not only to build skills against actual websites, but also to potentially make a few dollars!
There are also a number of intentionally vulnerable web applications available on the internet, such as WebGoat, Juice Shop, Damn Vulnerable Web Application...