Out of the 20 challenges, the only two on application flaws were pretty easy to figure out (since I've been in that field for a while), but I still had no experience/idea in figuring out those with the network/human related flaws.

Gonna start by trying out some of the tools and log analyses mentioned in the book, but I think I'm going to need some hands-on practise (white-hat, of course) in order to learn faster.

You can't know what to protect, if you don't know how they might attack.
You probably won't know how they might attack, unless you've really tried it yourself.

Note to self: don't borrow more than two books at a time, you probably can't finish one within the first borrowing time period that they give you anyway...