
Beginner's Guide | How to Get Started in Bug Bounty?

September 27, 2020 | By Parag


If you are new, do check out my last post on Beginners Guide | How to Start a Career in Ethical Hacking? | Tips on Career Path

🤑 Can you get rich by reporting software vulnerabilities? If you ever dreamed of earning money by becoming a bug hunter 😎, here are some essential tips/ways to become a successful bug bounty hunter👇

WHO IS A BUG BOUNTY HUNTER?

A bug bounty hunter is a hacker who is paid to find vulnerabilities in software and websites. For researchers/cybersecurity professionals, it is a great way to test their skills on various targets and get paid well by reporting vulnerabilities. The steps are the same for everyone. According to Bugcrowd, India takes the top spot for Bugcrowd hackers worldwide. The number of bug hunters from India was found to have grown by 83% from the previous year.

HOW TO GET STARTED?

Anyone with good computer skills can become a successful finder of vulnerabilities. There is no age limit: you can be young or old when you start as a beginner. The main requirement is that you keep learning continuously and have an adequate amount of patience 😀 Also, focus on a specific type of vulnerability, read write-ups on vulnerabilities, and search for those vulnerabilities on the program you're targeting.

To know more in detail, refer: WHAT ARE THE BASIC TECHNICAL SKILLS REQUIRED IN CYBERSECURITY?

Along with the above skills, you need to get familiar with/learn👇

CHOOSING YOUR INITIAL PATH ( Website Pentesting or Mobile Application Pentesting ):

It is necessary to know which path you are going to work on. New bug bounty hunters should narrow their focus so that they can get familiar with a specific vulnerability type and get to grips with it. At the start, go for simple bugs, and understand the end-to-end process before trying to hit the bigger targets. Choosing a proper path in the bug bounty stream is very important. In my opinion, many people pick the web application path first because it's the easiest one.

PLATFORMS TO HUNT FOR THE BUGS:

BUG PRIORITIES:

READ THE TERMS ( InScope or OutofScope ):

Before you start testing any target, please read the program's disclosure terms and check what is within scope. Often I see beginners go out of scope. Please be responsible for yourself and the actions you take. Give companies/organizations adequate time to react to any bugs that need to be fixed. Also, please do not post a vulnerability publicly until it is fixed.

LABS TO LEARN OR TEST YOUR SKILLS:

ESSENTIAL TOOLS:

BOOKS TO REFER:

YOUTUBE VIDEOS:

FINAL VIEWS:

According to James Kettle, “When learning, ensure you get practical experience via labs (mentioned above). When you’re ready to hunt for real, pick a website with complex functionality (the lower the payout the softer the target), and don’t move on until you’ve learned how it works inside out.” Once you are confident enough for bug hunting, check out real-life bug bounty platforms to hunt for live bugs in real websites/apps, and get paid. Note: It will take you months to find your first bug, and when you do submit your first bug it may not be what you think it is. Don’t let that discourage you or take away your confidence because if you ask the best hunter out there, they will all have the same story!

So go and start hunting! 💰
