Getting Started With Bug Bounty!

Liferacer333
3 min read · Oct 10, 2020


How to get started in bug bounty is a common question nowadays. If you think you will become successful overnight, or within a week or a month, this is not a field you should join. Bug bounty hunting is very competitive; it may take at least a year to become good at it.

“Do not expect someone will spoon feed you everything”.

Well, I'm not an experienced hunter; I'm also a beginner in this field. The main motive of this blog is to share my learning paths.

You should have a basic understanding of how things work on the internet, and there are still many more things to learn. I'm listing a few important topics below:

  • HTTP -- TCP/IP Model
  • Linux -- CLI
  • Web Application Technologies
  • Networking Basics
  • Learning Basics of HTML, PHP, JavaScript, SQL.

The list never ends; it all depends upon your interest.

Choosing a path in the bug bounty field is very important. It totally depends upon the person's interest, but I prefer web application security testing because, in my opinion, it is the easiest one.

1. Web Application Security Testing

2. Mobile Application Security Testing (Android/iOS)

But it is not limited to these two; it totally depends upon your interest.

Bug Bounty Platforms:

  1. Bugcrowd (https://bugcrowd.com)
  2. Hackerone (https://hackerone.com/)
  3. Intigriti (https://www.intigriti.com/)
  4. Synack (https://synack.com/)
  5. Safehats (https://safehats.com/)

Resources :

Books :

  • The Web Application Hacker's Handbook
  • Web Hacking 101
  • The Hacker Playbook 1, 2, and 3
  • The Mobile Application Hacker's Handbook
  • Mastering Modern Web Penetration Testing

In addition to these books, I suggest you read and understand the OWASP Testing Guide and the OWASP Top 10 (https://owasp.org).

Youtube Channels:

LiveOverflow (https://www.youtube.com/c/LiveOverflowCTF)

Nahamsec (https://www.youtube.com/c/Nahamsec)

Farah Hawa (https://www.youtube.com/c/FarahHawa)

PortSwigger (https://www.youtube.com/c/PortSwiggerTV)

Bug Bounty Public Disclosure (https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA)

The Cyber Mentor (https://www.youtube.com/c/TheCyberMentor)

Stök Fredrik (https://www.youtube.com/c/STOKfredrik)

Blogs/Write-ups You Should Follow:

Bug Crowd Blog (https://www.bugcrowd.com/blog/)

Bug Hunting Medium (https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65)

Pentester Land (https://pentester.land/list-of-bug-bounty-writeups.html)

Hackerone Blog (https://hackerone.com/blog)

Twitter hashtags you should follow:

#bugbounty

#bugbountytips

#infosec

#togetherwehitharder

#cybersecurity

Bug Bounty Tools you should Master:

Burp Suite

OpenVAS

Metasploit

Nmap

Scrappy

John The Ripper

Wfuzz

Zaproxy

There are still many more tools, but these are the most commonly used ones.

Labs To Practice Legally:

PortSwigger Labs (https://portswigger.net/web-security)

Damn Vulnerable Web Application (http://www.dvwa.co.uk/)

WebGoat (https://owasp.org/www-project-webgoat/)

bWAPP (http://itsecgames.com/)

“Start learning and keep Hunting!”

Liferacer333

|Cybersecurity Enthusiast |Bug Hunter🖤| The Quieter you become, the more you hear!💥