Hello guys I will finish a bug bounty course soon what focuses on the most common vulnerabilities like XSS , SQLi , command injection , broken authentication .... etc

My problem is that idk what to do next should I practice each vulnerability alone by solving labs about it ?

Or solve ctfs and stuff where you need to do a task but you do not know the method (u need to figure out the best way to finish your task)

And besides all of that how to get into discovering real world vulnerabilities on real websites ?