Are you a programmer or ethical hacker, or interested in hacking, and want to make money from that? Then bug bounty hunting can be the best choice for you.
It always sounds good that you are finding bugs in applications and earning money.
So, let us talk about the concept of bug bounty hunting.
When a company builds an application, it invites hackers and security specialists to test it and find bugs in it, and it pays them accordingly.
What is Bug Bounty Hunting?
Bug bounty hunting is a paid task to find vulnerabilities in software, applications and websites. The security teams of major companies don’t have enough time or manpower to find all the bugs they have, so they reach out to private contractors for help.
Basically, you use your skills and tools to break things (like applications, software and websites), write up a report of the vulnerability you found for the company that issued the bounty, and then the company pays you for it.
Some of the hackers make thousands of dollars a year on the side just hunting bugs.
How to start with Bug Bounty Hunting?
To start with bug bounty hunting, you need some basic programming and computer skills. The great thing is that there are tons of resources available on the internet which can help you start.
You can also use our channel to learn programming and computer skills.
All you need is to get some basics of computer programming, operating systems, and networking.
Do some research and get your tools
Once you have got a grip on basic programming, you need to dive into web applications and how they work.
You need to understand how the internet, hosting, the cloud and other important parts of a web application work.
There are some great resources out there to read that can point you in the right direction.
• The Web Application Hacker’s Handbook
• OWASP Testing Guide v4
Then get the right tools. You will need –
• Burp Suite
• OWASP ZAP
You can use the OWASP WebGoat lab, where you practice finding bugs and vulnerabilities in web applications, and take a look at the Google Bughunter University as well. You will get a lot of information about how to find bugs and vulnerabilities in web applications and how to write solid vulnerability reports that will get you paid. Sites like Bugcrowd and HackerOne can help with that aspect as well.
Find Bug Bounty Websites and Go Hunting
Once you are armed with knowledge and the right tools, you are ready to look for some bugs to squash. Companies will often have a link somewhere on their website offering bug bounties, but they can be hard to find. It’s better to check a bounty board where hackers are reading publicly disclosed vulnerability reports and updating an active list on a daily basis, such as these:
- Vulnerability Lab
- Fire Bounty
HackerOne offers Disclosure Assistance, which is a place where a hacker can report any bug to any organization. If the organization does not have a bug bounty program, they can contact the organization or company and deliver the report to them.
You need to stay up to date with the new bug bounty tools of the trade, and you should have a strong passion for learning new things.
Hope this information will help you to start in the field of bug bounty. If you have any questions, you can ask in the comment section or contact me by mail.
Please don’t forget to give your valuable reviews to this blog in the comment section.