Penetration test

How to audit a Web project for penetration?

Dear participants of the beloved Project.
I am looking for information on the penetration audit of a web project.
I want to audit my own sites.
I want to test different site engines for vulnerability and data leakage.
I'm new in this business.
Learning:
Nmap
Burp Suite - owasp zap
sqlmap
sublist3r
Working with Kali Linux Only.
Interested in exactly the sequence of actions
Where to start with what to continue and how to finish.
Tell me the sequence of actions.
And, if possible, please make recommendations.
I understand everything, many can say build your strategy and everything will be Tram pom pum.
Yes, I agree. But it is desirable to look at different patterns, it is interesting to look at the patterns of other people and draw your own conclusion from this and choose a more convenient sequence for yourself.
I will be glad for your support. Since I tried to ask about it a lot on the forums, but I didn’t get any answers other than build my strategy. Hope for a more clear and human answer and more understandable for newbies.
And all with the coming!