Bug Bounty

How to get started in bug bounty is a common question nowadays. If you think you will become successful overnight, or within a week or a month, this is not a field you should join. Bug bounty hunting is very competitive; it can take at least a year to become good at it.

Do not expect someone to spoon-feed you everything.

Well, I'm not an experienced hunter; I'm also a beginner in this field. The main motive of this blog is to share my learning path.

You should have a basic understanding of how things work on the internet, and there is still much more to learn. I'm listing a few important topics below:

HTTP and the TCP/IP model
Linux and the command line (CLI)
Web application technologies
Networking basics
Basics of HTML, PHP, JavaScript and SQL

The list never ends; it all depends on your interest.

Choosing a path in the bug bounty field is very important. It totally depends upon the person's interest, but I prefer web application security testing because, in my opinion, it is the easiest one.

1. Web Application Security Testing
2. Mobile Application Security Testing (Android/iOS)

But you are not limited to these two; it totally depends upon your interest.


Bug Bounty Platforms:

1. Bugcrowd
2. HackerOne
3. Synack
4. Intigriti
5. Safehats


Resources:

Books:

>Web Application Hacker's Handbook
>Web Hacking 101
>The Hacker Playbook 1, 2, and 3
>The Mobile Application Hacker's Handbook
>Mastering Modern Web Penetration Testing

In addition to these books, I'd suggest you read and understand the OWASP Testing Guide and the OWASP Top 10 vulnerabilities (owasp.org).


YouTube Channels:

LiveOverflow
Nahamsec
Farah Hawa
PortSwigger
Bug Bounty Public Disclosure


Blogs/Write-ups You Should Follow:

Bugcrowd Blog
Bug Hunting Medium
Pentester Land
HackerOne Blog


Twitter hashtags you should follow:

#bugbounty
#bugbountytips
#infosec
#togetherwehitharder


Bug Bounty Tools You Should Master:

Burp Suite
OpenVAS
Metasploit
Nmap
Scrappy
John The Ripper
Wfuzz
OWASP ZAP (zaproxy)

There are still many more tools, but these are the most commonly used ones.

Labs To Practice Legally:

PortSwigger Labs (Web Security Academy)
Damn Vulnerable Web Application (DVWA)
WebGoat
bWAPP

The bug bounty field is very competitive, and you should also take care of your physical and mental health. If you get duplicates, don't get demotivated; just keep trying. "Every expert was once a beginner."


Don't tell yourself you'll hack tomorrow or the day after.

Don't put it off until "you're ready"; you'll never be 100% ready!

Don't try to learn everything you think you need to learn.

HACK TODAY!

(Dupes are bugs too; if you find a dupe, you found a bug.)