Bug bounty is not only about finding bugs; it is about making the Internet a more secure space and getting paid for that. A bug bounty hunter is a hacker who finds vulnerabilities in software and websites.
Anyone with strong coding skills and interest can be a bug bounty hunter, irrespective of age. The most important thing is to keep learning and practicing.
Bug Bounty Hunting: Make Money by Finding Bugs
Are you new? It doesn't matter. Everything has a starting point, and this may be that point for you.
How to Start Your Career as a Bug Bounty Hunter?
Bug bounty hunting is all about security and ethical hacking. You not only need to know web development, but you should also have a good understanding of protocols like IP, HTTP, TCP, etc.
That is where you start your career as a bug bounty hunter.
Reading & Practicing
There are some go-to books for learning penetration testing and bug bounty hunting. Bug bounties often target websites, so let's start with web hacking, and later we will branch out.
Web Application Hacker's Handbook
OWASP Testing Guide
The Hacker Playbook 2: Practical Guide to Penetration Testing
The Tangled Web: A Guide for Securing Web Applications
The Mobile Application Hacker's Handbook
iOS Application Security
There are some blogs that concentrate on bug bounty. Their authors blog about the issues they found, and they are a great resource for insights into finding different types of bugs.
Take a bug bounty challenge with a friend
One of the best ways to learn anything is to learn through competition. If you have another geeky friend, team up with them and learn bug bounty together. Start finding bugs in competition with them. This process will lift your spirits and also help you learn faster.
Often you feel the bugs you found are too minor and think the companies will not appreciate them, so you never publish such bugs. But when you are in a challenge, you will try your best to publish even a minor bug, which is a totally good approach.
Most successful bug bounty hunters have said that, when they were beginning, the most important and hardest stage in the bug bounty process was submitting their bugs, getting past shyness and feelings of inferiority.
Read Write-ups & PoCs (Proofs of Concept)
Knowing what other people are finding in the wild and how they are doing it helps get you into the process. Luckily, people in the community are happy to share their process with us on multiple platforms.
I collected a list of write-ups from successful bug bounty hunters
Join the community
People in the community are happy to share their experiences and concepts with others. Here are some places where most of them submit their write-ups, etc.
White-hat hackers on Twitter.
Bugcrowd IRC channel.
Bugcrowd on Twitter.
Join the Bugcrowd forum.
Bugcrowd and HackerOne are some well-known websites you need to follow.
Tools that help you in the bug bounty game
Tools by themselves don't make the hacker, but they help a lot and make the work easier if you are in the field of bug bounty.
Here is an exclusive list made in the Bugcrowd forum by samhouston.
Things to learn before starting your career as a bug bounty hunter
At this point, you know the community, tools, books and resources to read. Now you need the process of how to find bugs and submit them.
To find a bug, first you need to approach the target.
This is the best answer I found in the BugCrowd forum.
Other important resources you should check:
Here is an article from techjini which helps you create a proof of concept that clients like.
Here is an article from Cobalt which helps you write a great vulnerability report.
A document from Bugcrowd that explains the process of how to report a bug to your client.