Thank you for your detailed response on the subject at present I am reading through the Web Application Hackers Handbook had a recent interview for a pen test company and failed the test rig scored to low with regards to XSS and SQL injections. I have also been practicing more with Mutillidae.
At present I have also just achieved a Cisco CCNA in Cyersecurity through their scholarship programme, this is where I believe that I learned the most especially with regards to network protocols and attacks ie ARP spoofing, DNS poisoning, DHCP starvation, MITM stuff on switched networks.
Looking for more experience actually pen testing think I need to run through more CTF's have a solid knowledge of all the tools and how they work its just the looking through code and finding injection points in say HTML etc that lets me down as I have zero programming knowledge though picking up HTML, CSS and Javascript quite quick would also like to learn Python.