How to start a career in Bug Bounty Hunting?

 

Start Learning Bug Bounty Hunting.

Are you planning to become a bug bounty hunter? You are in the right place. I will walk you through, step by step, what you need to become one.

Did you know? Ethical hackers earned forty million USD in bounties in 2019, which equals the amount of all previous years combined, according to the 2020 Hacker Report by HackerOne.


Introduction

In this process, a person finds vulnerabilities in programs or a web application and is paid for finding those bugs.

 

It is a misunderstanding that a person needs a computer science education to be successful in bug bounty hunting.

 

Anyone with an interest in computers and enthusiasm for them can become a real hunter of vulnerabilities. You may be a student or a professional when you start. If you come from a non-technical background, you will have to learn the computer science fundamentals by yourself. The mindset you need is to keep learning continuously.

 

Everything you need to learn to start

There are many things to learn; to begin with, here are the essential topics.

  1. Computer Network Basics
  2. TCP/IP model
  3. HTTP Protocol (Requests, Responses, Methods, Headers)
  4. Linux Commands
  5. Web application technologies such as HTML, PHP, JavaScript, and CSS

This is just a starter; the list does not end here.

 

Initial start

Start with Top Web Application vulnerabilities (OWASP)

Begin with OWASP 2010 to understand the older risks, then take the latest version of OWASP for current updates.

OWASP TESTING GUIDE V4 

Learn from the guide and do some practice on legitimate targets.

 

Books that Always Help

  1. The Web Application Hacker’s Handbook
  2. Bug Bounty Hunting for Web Security
  3. Real-World Bug Hunting
  4. Web Hacking 101
  5. Burp Suite Cookbook

 

YouTube video channels

  1. The TechCave
  2. LiveOverflow
  3. PwnFunction

 

Practice Platforms 

It is essential to keep yourself updated with the latest trends and bugs. Many web applications can be vulnerable to known or unknown threats (zero-days), and they need to be tested regularly for exploitable weaknesses.

Start practicing here with vulnerable labs.

  1. TryHackMe
  2. Damn Vulnerable Web Application
  3. Hack The Box
  4. XSS Game by Google
  5. VulnHub
  6. hack me
  7. Hacker101
  8. Bug Bounty Notes
  9. PentesterLab
  10. WebGoat

 

Bug Bounty Platforms 

These platforms are excellent for testing your skills. If you find nothing at first, do not get discouraged: you come away more experienced, learning is your reward, and that is more important.

  1. Bugcrowd
  2. HackerOne
  3. Intigriti
  4. bountyfactory
  5. Bugbounty Japan
  6. Antihack
  7. Synack
  8. HackenProof

 

Twitter hashtags you can follow

#infosec

#bugbounty

#bugbountytips

#togetherwehitharder

Most important tool

Burp Suite

Burp Suite, also called "the Swiss Army Knife of Bounty Hunters," is a tool for performing security audits on web applications. It integrates different testing components and functionalities to carry out the tests and allows you to combine automatic and manual testing. The Burp Suite tool is developed and maintained by the PortSwigger company and has two versions: Burp Free (free) and Burp Professional (paid).

The free version comes preinstalled on Kali Linux, or you can download and install it on Windows or macOS.
