Start Learning Bug Bounty Hunting.
Are you planning to become a bug bounty hunter? You are in the right place. I will walk you step by step through the things you need to become one.
Did you know? Ethical hackers earned forty million USD in bounties in 2019, an amount equal to all previous years combined, according to the 2020 Hacker Report by HackerOne.
In this process, a person needs to find vulnerabilities in programs or web applications, and is paid for finding bugs.
It is a misunderstanding that a person needs a computer science education to be successful in bug bounty hunting.
Anyone with an interest in computers and excitement about them can become a real hunter of vulnerabilities. You have to learn the computer science fundamentals by yourself. You may come from a non-technical background, and you may be a student or a professional when you start. The mindset you need is to keep learning continuously.
Everything you need to learn to start
There are many things to learn; to begin with, I will list the essential topics.
- Computer Network Basics
- TCP/IP model
- HTTP Protocol (Requests, Responses, Methods, Headers)
- Linux Commands
- Web application technology
The list does not end here.
Start with Top Web Application vulnerabilities (OWASP)
Begin with OWASP 2010 to understand the older risks, then take the latest version of OWASP for current updates.
Learn from the guide and do some practice on legitimate targets.
Books that Always Help
- The Web Application Hacker’s Handbook
- Bug Bounty Hunting for Web Security
- Real-World Bug Hunting
- Web Hacking 101
- Burp Suite Cookbook
YouTube video channels
It is essential to keep yourself updated with the latest trends and bugs. Many applications can be vulnerable to known or unknown threats (zero-day). They need to be tested regularly for exploitable weaknesses.
Start practicing with vulnerable labs.
- Damn Vulnerable Web Application
- XSS Game by Google
- hack me
- Bug Bounty Notes
Bug Bounty Platforms
They are excellent for examining your skills. If you find nothing there, you may get discouraged, but you can still see yourself as a more experienced person: learning is your reward, and this is more important.
Twitter hashtags you can follow
Most important tool
Burp Suite, also called "the Swiss Army Knife of Bounty Hunters," is a tool for performing security audits on web applications. It integrates different testing components and functionalities to carry out the tests, and allows combining automatic and manual tests. Burp Suite is developed and maintained by the PortSwigger company and has two versions: Burp Free (free) and Burp Professional (paid).