What is Bug Bounty?
A bug bounty is a reward offered to a person who identifies an error or vulnerability in a computer, system, or network and reports it in an ethical way.
Prerequisites for Bug Bounty
1-Basic computer fundamentals
2-Networking
3-Command-line
4-Operating systems
5-Web technologies
6-Programming languages - Python & Bash recommended
If you want to go into Android pentesting, core Java is highly suggested.
If you want to go into iOS pentesting, the Swift language is recommended.
You have to learn all of these well and solve the labs-
OWASP TOP 10
1-Injection
2-Broken Authentication
3-Sensitive Data Exposure
4-XML External Entities(XXE)
5-Broken Access Control
6-Security Misconfiguration
7-Cross Site Scripting (XSS)
8-Insecure Deserialization
9-Using Components with Known Vulnerabilities
10-Insufficient Logging & Monitoring
Choose your path listed below-
Web Application Pentesting
Android Pentesting
iOS Pentesting
Source Code Review
Network Pentesting
IoT Pentesting
Blockchain Pentesting
Resources-Best books for bug bounty beginners - if you want books for free, open this channel: Telegram: Join Group Chat
1-Web Hacking 101 by Peter Yaworski-(https://www.hackerone.com/blog/Hack-Learn-Earn-with-a-Free-E-Book)
2-Mastering Modern Web Penetration Testing by Prakhar Prasad-(Amazon.in)
3-The Web Application Hacker’s Handbook, 2nd edition-(https://www.amazon.in/Web-Application-Hacker′s-Handbook-Exploiting/dp/1118026470)
4-Bug Bounty Playbook by Alex Thomas, parts 1 & 2
Best Twitter accounts for bug bounty
https://twitter.com/Jhaddix?s=20
https://twitter.com/NahamSec?s=20
https://twitter.com/TomNomNom?s=20
https://twitter.com/thecybermentor?s=20
https://twitter.com/zseano?s=20
https://twitter.com/stokfredrik?s=20
Writeups & blogs
https://hackerone.com/hacktivity
https://pentester.land/list-of-bug-bounty-writeups.html
Testing labs
Paid labs
https://pentesterlab.com/
https://www.pentesteracademy.com/topics
https://app.hackthebox.eu/
Tools for bug bounty
Burp Suite
OWASP ZAP - alternative to Burp Suite
sqlmap
dirsearch
ProjectDiscovery (GitHub)
Bug bounty platforms
https://www.bugcrowd.com/
https://hackerone.com/