1) Think like real-:You should have to create a confident in yourself there is certainly an exploiting way in the site or system. Just focus on different ways. Using inspect element tool on mozilla firefox is very useful(personal recommendation) , you can see the source code with details of the entire page with the help of this tool. You can refer various parameters and tags which are hidden in actual page but used in the script.
2) Start with natural ways-:Some of the mostly used attacking ways are CSS(Cross Site Scripting), Remote code execution, session hijacking, SQL infection, Server attacks, URL redirecting etc. Learn to do this things will help you to learn what is actually ethical hacking means. Now also there are many sites which are vulnerability to this methods.
3) Use paper and pen -:Use paper to note down various things that you found for example ,change in parameters, important tags used in the page etc. Keep in your mind that you are doing a research so you need to practice the way like a research. Don't concentrate only on one side itself you should have to drift to different if you want that there is no specific exploiting way.
4) Don't give up-:If you fail to find the exploiting way then that never means that you don't having hacking skill it only means that the site or the system is strong and tight in its security. The thing that a ethical hacker need to find that is the security is strong or not if it is strong leave it and go for another.
Now companies like Facebook, Microsoft, Google, Mozilla, Paypal etc give some bounty for the security researchers who finds a way to exploits there sites or products. So do security researching and earn bounty. Don't practice black hacking it is not good for our life, some times you will get more money with black hacking but its totally wrong and it always end in trouble. So work for the good of the computer systems and network, you will get paid as well your heart will proud of you. All the best.