This is also my methodology when learning. In addition to this, when reading a blog post about a vulnerability, say, for example, the writer talked about the application having a functionality to comment on a blog post, or the writer showed a screenshot of the Burp HTTP request: take a minute before continuing with the rest of the write-up and ask yourself, "If I were the one with this request, what would I have done?", and list out all the things you would have tried out. Then continue. If the list of things you noted down is among what the writer tried, then that’s good, and if it’s not, don’t be too hard on yourself, just add it to your own checklist. Thanks for the write-up, man.