How to start in Bug bounty hunting?

Khaled Mohamed
2 min read · Mar 25, 2021

Some companies around the world create what are called bug bounty programs. Why do they do that? Many hackers attack companies and harm them, for example by exposing data and compromising their systems, and the companies' security teams can't discover every vulnerability on their own. To find more of them, companies create bug bounty programs that allow ethical hackers to discover vulnerabilities and report them so they can be fixed.

How to be a bug bounty hunter?

It’s easy to become one, but it’s not easy to continue, because you need patience before you start in this field. To become a bug hunter you must know the basics of cybersecurity and how to discover vulnerabilities in web, network, or mobile applications.

Skills you must know to be a bug hunter?

To start in bug bounty as a web application bug hunter, you must know the OWASP Top 10 vulnerabilities for web applications, for example:

  • Cross-Site Scripting (XSS)
  • Server-Side Request Forgery (SSRF)
  • Local & Remote file inclusion
  • Information Disclosure
  • Remote Code Execution (RCE)

You must also know how to collect information about websites, such as which technologies a website runs on. You can also learn from reports that others have submitted on the HackerOne platform, on its Hacktivity page.

Bug Bounty Hunter tools

Bug hunters use a lot of tools, but I will tell you about some of the ones they use.

  • Burp Suite (intercepting proxy)
  • Some tools used to extract the subdomains [Amass, Sublist3r, Subfinder…]
  • Browser
  • And you can see more tools from here

Resources

To start and continue in the bug bounty field, you must read and follow some of these resources and read some of the books below.

  • Bug Bounty Playbook part 1
  • Bug Bounty Playbook part 2
  • Web Hacking 101
  • The Web Application Hacker’s Handbook

The best repo you must read to become a bug hunter: Resources-for-Beginner-Bug-Bounty-Hunters

Must I play CTFs to become a bug hunter?

No, but it’s fine to do that from time to time to update your mindset and meet new people from communities such as HTB, TryHackMe, Root-me, and VulnHub box creators and players on Discord, etc.

The End

In the end, you must have some patience to continue in this field.

Feel free to contact me if you have any questions. Twitter: @0xElkomy

Originally published at https://blog.xelkomy.com on March 25, 2021.


Khaled Mohamed

I’m a Penetration Tester at @BugSwagger || Bug hunter || Security Researcher at Hackerone, Detectify Crowdsource, Synack Red Team.