Well books reading helps, as you dont have to search the exploit yourself.
But at the same time dont forget you need to learn how to search for information.

Most of the exploit mention in the book are either fixed or out dated.
( By the time they found, author wrote, publish, circulate...... that takes time)
So you cant really "use" them. As those company who employ you to do
security check would have patched them.

If you dont want to buy books, discussion group and www is your best place to start.

As a bonus, you learn how to search for updated info as well!