There are several vulnerability types:
– Design vulnerability: due to software or specifications
– Implementation vulnerability: Code error (exception, error handling)
– Operational vulnerability: improper configurations and deployment
– Local vulnerability: local access to trigger the vulnerability of the target.
– Remote vulnerability: does not need local access.

There are several tools for vulnerability mapping, such as:
– OpenVAS
– Nessus
– W3af
– Sqlmap
– Acunetix
– Fortify
– Metasploit

You can also use burp suite to find the vulnerability. Use the tutorial of how to use and initialize the burp suite that is available in this link. If you want to know more about the website you are accessing in the firefox, you can send it to intercept by right click in the HTTP history.

What can you get from analyzing a website?
There is quite a lot of gain when you analyze a website, you will know the core functionality of the website, their error message and handling, admin function. You can also know about the security of the website and their vulnerabilities. Moreover, you can also know the technologies used in the client and server side of the website.
You also can know about the entry points of a user input. If a website require you to input a password, you will be able to track the length of the password, the queries it directs you to, and even the cookies on the website that might contain sensitive information.