
Well, exploit development is quite a broad topic. While the answers below provide answers that should pretty much help provide a certain perspective, I sure hope that this helps too.

Let's start off with web-application security. The most common attack vectors are detailed as part of the OWASP Top 10; you can read more about specific attacks with simple Google searches, as there are loads of articles that do the same. In order to write exploits you can try the wargames which are present online, or download intentionally vulnerable operating systems/applications and practice on them (DVL, DVWA etc.). The techniques involved in finding these vulnerabilities include fuzzing, vulnerability scanning, source code audit and manual black-box testing.

Another area of exploitation is that of binaries that run on a particular operating system. Such exploitation usually requires you to find the vulnerability using reverse engineering/source code audit and/or fuzzing. Writing exploits requires you to have at least a good understanding of the stack layout, calling conventions, asm and shellcode. Of course, in this case I am referring to "overflow" vulns and not logical errors.

In order to practice exploitation, you can try out wargames, as they are an excellent resource. There are wargames for binary exploitation (smashthestack.org, overthewire.org), webapp hacking (hacking-lab, hackthissite.org, DVWA, and LOADS more), crypto (overthewire.org and smashthesite.org have crypto wargames) and Linux admin hacking (hacking-lab has a few every now and then).

Exploit development requires one to have strong fundamentals and understand how exactly stuff works under the hood. There are quite a few books that you might find interesting based on your interests. If you are into web-application hacking I'd suggest "The Tangled Web" and "The Web Application Hacker's Handbook". If you are into binary hacking I'd suggest "The Shellcoder's Handbook" (there are so many more awesome ones, but this one's the best to start off with IMO).

Please note that here I have answered the question "How do I develop exploits" rather than questions such as "How do I develop the security mindset" and "How do I find security vulnerabilities".

Hope this helps.

[EDIT]

For purposes of learning do NOT use scanners (such as sqlmap) or automation frameworks (e.g. msf for generating shellcode). While I think these tools are AWESOME, they should only be used once you have learnt how they work and when you reach a level where you feel you are unnecessarily doing work that could be automated.
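The comment above says that writing exploits for "overflow" vulns needs an understanding of the stack layout and calling conventions. The following is an added example, not code from the comment or from any of the resources it names, showing the shape of that idea in working C: a fixed buffer sitting directly below a code pointer, an unbounded copy that reaches the pointer, and the bounded version that does not. The frame is modelled as a struct so the layout is fixed by the language rather than left to the compiler and is the same on any platform; on a real stack, working out that same adjacency (and the saved return address's offset) from the binary is exactly the work the comment is talking about. All names, sizes and return values here are made up for the example.

```c
/* Added example (not from the HN comment): a control-flow hijack through a
 * plain "overflow" bug, beside a bounded version. The frame is a struct so
 * the layout (buffer directly below a code pointer) is fixed and portable. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16

static int benign_handler(void) { return 0; }   /* what the program intends to call */
static int hijacked(void)       { return 42; }  /* stand-in for attacker-chosen code */

/* Stand-in for a stack frame: a fixed buffer, then a code pointer (think of
 * the saved return address) immediately above it. */
struct frame {
    char buf[BUF_LEN];
    int (*handler)(void);
};

/* Vulnerable: copies len bytes into the frame starting at buf with no check
 * against BUF_LEN. The only bound is the size of the modelled frame (a real
 * overflow would keep writing up the stack). Returns whatever the possibly
 * overwritten code pointer returns, like a function returning through a
 * smashed return address. */
int handle_vulnerable(const unsigned char *input, size_t len)
{
    struct frame f;
    f.handler = benign_handler;
    if (len > sizeof f)                          /* edge of the model, not a fix */
        len = sizeof f;
    memcpy((unsigned char *)&f, input, len);     /* no BUF_LEN check */
    return f.handler();
}

/* Hardened: refuse anything that would not fit in buf, so the code pointer is
 * never reachable from input. Returns -1 for oversized input. */
int handle_hardened(const unsigned char *input, size_t len)
{
    struct frame f;
    f.handler = benign_handler;
    if (len > BUF_LEN)
        return -1;
    memcpy(f.buf, input, len);
    return f.handler();
}

/* Build the payload the way an exploit writer would: filler up to the code
 * pointer's offset, then the pointer value in the target's native byte order
 * and width. Returns the payload length, or 0 if out is too small. */
size_t build_payload(unsigned char *out, size_t out_len, int (*target)(void))
{
    size_t ptr_off = offsetof(struct frame, handler);
    size_t need = ptr_off + sizeof target;
    if (out_len < need)
        return 0;
    memset(out, 'A', ptr_off);                   /* padding: reaches the pointer */
    memcpy(out + ptr_off, &target, sizeof target);
    return need;
}

/* Convenience: build the payload and feed it to one of the two handlers. */
int demo(int use_hardened)
{
    unsigned char payload[sizeof(struct frame)];
    size_t n = build_payload(payload, sizeof payload, hijacked);
    return use_hardened ? handle_hardened(payload, n)
                        : handle_vulnerable(payload, n);
}

int main(void)
{
    printf("vulnerable: handler returned %d (42 means hijacked ran)\n", demo(0));
    printf("hardened:   result %d (-1 means input was refused)\n", demo(1));
    return 0;
}
```

The two things the payload builder has to know, the offset of the code pointer from the start of the buffer and the pointer's width and byte order, are the "stack layout" knowledge the comment refers to; in a real target they come from the disassembly rather than from `offsetof`, and the value written is a return address rather than a C function pointer.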
