How to Get Started in Bug Bounty

What is Bug Bounty?

A reward offered to a person who identifies an error or vulnerability in a computer, system, or network and reports the bugs and vulnerabilities in an ethical way.

Prerequisites for Bug Bounty

1-Computer basic fundamentals
2-Networking
3-Command-line
4-Operating systems
5-Web technologies
6-Programming Languages - Python & Bash recommended

If anyone wants to go into Android pentesting, core Java is highly suggested.

If anyone wants to go into iOS pentesting, the Swift language is recommended.

So you have to do all these things well and solve the labs-
OWASP Top 10
1-Injection
2-Broken Authentication
3-Sensitive Data Exposure
4-XML External Entities (XXE)
5-Broken Access Control
6-Security Misconfiguration
7-Cross-Site Scripting (XSS)
8-Insecure Deserialization
9-Using Components with Known Vulnerabilities
10-Insufficient Logging & Monitoring

Choose your path listed below-
Web Application Pentesting
Android Pentesting
iOS Pentesting
Source Code Review
Network Pentesting
IoT Pentesting
Blockchain Pentesting

Resources - Best books for bug bounty beginners. If you want books for free, then open this channel (Telegram: Join Group Chat).
1-Web Hacking 101 by Peter Yaworski-(https://www.hackerone.com/blog/Hack-Learn-Earn-with-a-Free-E-Book)
2-Mastering Modern Web Penetration Testing by Prakhar Prasad-(Amazon.in)
3-The Web Application Hacker’s Handbook, 2nd edition-(https://www.amazon.in/Web-Application-Hacker′s-Handbook-Exploiting/dp/1118026470)
4-Bug Bounty Playbook by Alex Thomas, 1st & 2nd parts

Best Twitter accounts for bug bounty
https://twitter.com/Jhaddix?s=20
https://twitter.com/NahamSec?s=20
https://twitter.com/TomNomNom?s=20
https://twitter.com/thecybermentor?s=20
https://twitter.com/zseano?s=20
https://twitter.com/stokfredrik?s=20

Writeups & blogs
https://hackerone.com/hacktivity

https://pentester.land/list-of-bug-bounty-writeups.html

Testing labs

Paid labs
https://pentesterlab.com/
https://www.pentesteracademy.com/topics
https://app.hackthebox.eu/

Tools for bug bounty
Burp Suite
OWASP ZAP - alternative to Burp Suite
Sqlmap
Dirsearch
ProjectDiscovery (GitHub)

Bug bounty platforms
https://www.bugcrowd.com/
https://hackerone.com/


That’s good!


This honestly was amazing!!

Keep up the good work


Thanks, sir