Beginner’s Guide to Bug Bounties

Want to know how to get started with bug bounties, and why thousands of security researchers from all over the world spend their time on public bug bounty programs? Then this post is for you.

Bug bounties are a trend nowadays. Cybersecurity jobs today are not confined to penetration testing and vulnerability assessments; independent security researchers are breaking into this field by relying solely on bug bounties.

Possible Reasons?

  1. I strongly believe the number one motivating reason is the MONEY associated with it. A lot of factors motivate security researchers, but being paid for reporting security bugs is a huge motivating factor for hackers. Some companies offer other incentives, such as swag or getting your name on the company’s Security Hall of Fame.
  2. It really feels good when you find a bug in an application that is used by millions of people across the globe. Getting it fixed makes you feel that you have impacted a lot of people’s lives by protecting their personal data and information.
  3. The thrill of finding the vulnerability. In a world where unauthorized hacking is illegal and carries a real chance of jail time, hacker wannabes get a chance to legally hack various companies’ systems.

Useful Resources:

Since you are just starting, I would recommend learning about as many bug classes as you can. A good starting point is the OWASP Top 10 Web Security Risks. HackerOne’s Hacktivity page is another useful resource for reading up on publicly disclosed bugs.

Recommended Books:

These are some of the books I’d recommend for a beginner. I find that I still refer to these books on occasion. You do not have to read them cover to cover. However, The Web Application Hacker’s Handbook (some call it the Swiss Army Knife book for hackers) is an invaluable book for every beginner.

But don’t just keep reading. After getting a grasp of what you need to do, just start with Bugcrowd or HackerOne.

Some Useful Tips:

  1. Choosing the target. Yes, this is the most important thing. Choosing targets like Google, Facebook or Microsoft on your first try won’t land you anywhere. It will, of course, feel good to find a bug in one of the world’s biggest companies, but hey, if you could have found one, why would you even bother reading this post? So choose a target wisely. There are lots of potential targets on HackerOne and Bugcrowd.
    Choose a target that has a good number of domains in scope so that you can spend a good amount of time with it.
  2. The second most important thing is to start as soon as you can. These applications are first tested by the internal penetration testing team for bugs, then in private bug bounty programs, and only after that are they made accessible to the public for testing. Now you are wondering what the chances of finding bugs are. Companies constantly push new code, and there is no such thing as a 100% secure application. There are always bugs, and some of them can be severe.
  3. Just submitting a bug won’t do. Companies explicitly state where you are allowed to test, so read the scope carefully. Breaking the rules or testing where you are not allowed to can get you banned from the program altogether.
  4. Understand the tools for enumerating subdomains. Common subdomain enumeration tools such as Sublist3r, Subfinder and Amass can be of great help in discovering the assets owned by a target.
  5. Keep reading reports and different books to learn about other tools, other kinds of vulnerabilities and different methods of finding them. You can subscribe to my newsletter, where I send monthly hacking methodologies and useful hacking tools.
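Tips 3 and 4 fit together: the output of a subdomain enumeration run should be filtered against the program’s published scope before you touch anything. The script below is an added example, not code from this post or from any of the tools named above. The scope lists and hostnames are constructed, and it assumes the usual program convention that a `*.example.com` wildcard covers subdomains but not the bare apex, and that an out-of-scope entry always overrides an in-scope wildcard.

```python
"""Filter enumerated hostnames against a bug bounty program's published scope.

Added example for illustration; the scope lists and hostnames below are
constructed, not taken from any real program.
"""

# Constructed sample scope, in the style programs publish on Bugcrowd or HackerOne.
IN_SCOPE = ["*.example.com", "api.example.net"]
OUT_OF_SCOPE = ["legacy.example.com", "*.staging.example.com"]

# Constructed sample output of a subdomain enumeration run (mixed case,
# trailing dot, a look-alike domain and an apex that is not covered).
ENUMERATED = [
    "www.example.com",
    "API.Example.com.",
    "legacy.example.com",
    "db.staging.example.com",
    "example.com",
    "api.example.net",
    "example.com.evil.test",
]


def normalize(host: str) -> str:
    """Lower-case and strip whitespace and a trailing dot so comparisons are consistent."""
    return host.strip().rstrip(".").lower()


def matches(host: str, pattern: str) -> bool:
    """True if a normalized host matches one scope pattern.

    Assumption: a leading '*.' wildcard matches any subdomain label(s) but
    not the bare apex, mirroring how most programs word their scope tables.
    """
    pattern = normalize(pattern)
    if pattern.startswith("*."):
        suffix = pattern[1:]          # ".example.com"
        return host.endswith(suffix) and host != pattern[2:]
    return host == pattern


def classify(host: str, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE) -> str:
    """Return 'in', 'out' or 'unknown' for a hostname.

    Out-of-scope entries always win over in-scope wildcards, so an explicitly
    excluded host is never reported as testable.
    """
    h = normalize(host)
    if any(matches(h, p) for p in out_of_scope):
        return "out"
    if any(matches(h, p) for p in in_scope):
        return "in"
    return "unknown"


def filter_in_scope(hosts, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE):
    """Return the normalized hosts that are safe to test, deduplicated, in input order."""
    seen = set()
    result = []
    for host in hosts:
        h = normalize(host)
        if h in seen:
            continue
        seen.add(h)
        if classify(h, in_scope, out_of_scope) == "in":
            result.append(h)
    return result


if __name__ == "__main__":
    for host in ENUMERATED:
        print(f"{normalize(host):30} {classify(host)}")
    print("Testable:", filter_in_scope(ENUMERATED))
```

Hosts that come back as "unknown" (here the bare apex and the look-alike domain) are deliberately not treated as in scope; when the scope table is ambiguous, ask the program rather than assume.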

Practice! Practice!!

Capture The Flag challenges and vulnerable labs are good places to practice your hacking skills. As the name says, you “capture the flag”: there are several challenges for you to solve that deal with real-world vulnerabilities. The more you practice on these challenges, the more you will learn about the different technologies required to break into an application or a system.
Here are some good practice websites:

I hope this blog post has given you a place to start your bug bounty journey. So start hacking and find some bugs! 😎
