HackerOne or BugCrowd or VDP?


Ajak Cyber security

Hi Ajak Amicos, welcome back to another blog. Today I will share my experience on which platform is best for bug bounty at the initial stage. One of the worst lies I hear from every security influencer is that the best platforms for beginners are HackerOne and Bugcrowd 😂.

OK, so now you have learned bug bounty through some courses or practised on simulation sites. Now it's time to move to real sites, so which one should you choose? Before starting, if you haven't subscribed to our channel, do subscribe, guys.

Follow our Youtube Channel: @ajakcybersecurity (280 Videos)

Follow on Instagram: @ajakcybersecurity

H1 vs Bugcrowd vs VDP

1) Know the Difference

HackerOne: HackerOne is a bug bounty platform that connects businesses with ethical hackers worldwide to identify and report security vulnerabilities in exchange for rewards, improving organizations’ security posture. Eg: Amazon

Bugcrowd: Bugcrowd is a bug bounty platform that facilitates collaboration between companies and ethical hackers, allowing the identification and reporting of security vulnerabilities in exchange for rewards, thereby enhancing organizations' security defences. Eg: Dell (same as HackerOne)

VDP: VDP, or Vulnerability Disclosure Program, is a framework implemented by individual organizations to encourage security researchers to responsibly report discovered vulnerabilities, fostering collaboration in identifying and addressing security flaws for improved overall security. Eg: Google, Zoho, Microsoft, Apple

2) Beginners Platform

Yes! Practise on Indian government sites. Sounds crazy, right? This helped me learn bug bounty very fast and with huge knowledge. People reading this blog will be from other countries too; well, that's not a problem! You can also practise, because you will find all bugs, from clickjacking to remote code execution.

Advantages of practising on Indian government sites

- You get an appreciation mail from the Indian government, which is similar to a Hall of Fame; you can add it to your resume or CV too!
- Learn real-life flaws, from low to critical bugs.
- The platform will not be crowded.
- Quick response from the team.

Where should I report if I find flaws in Indian government sites?

NCIIPC is the National Critical Information Infrastructure Protection Centre in India responsible for safeguarding critical information infrastructure from cyber threats.

Go to this site: https://nciipc.gov.in/. You will find a vulnerability disclosure form; fill that out and send mail to rvdp@nciipc.gov.in

You can hunt on all the sites that end with .gov.in

Google dork: .gov.in

NCIIPC Platform

2) Intermediate Platform

OK, once you have practised on Indian government sites, you can now jump into VDP programs. When it comes to VDP programs, don't jump into Google, Apple or Microsoft; the only reason I recommend against these programs is the crowd! My recommendation is to go for some e-commerce sites, because they have many features and are updated regularly, so you can find even more features. In my experience, all UK-based e-commerce sites have fast triage, and replies to your email are very quick. I have attached the VDP program sites.

Github link: https://github.com/yesnet0/bounty/blob/master/programs-list.csv

(Check for VDP programs from the above link)

Pros and Cons of VDP:

- Less crowded platforms.
- Slow response time.
- No faster email response.
VDP Program

3) Advanced Platform

Yes, once you are good with VDP, you can move on to advanced platforms like HackerOne and Bugcrowd. When choosing a target, choose one which has a wide scope, i.e. one which has an asterisk in the target, e.g. *target.com. Now you can hunt on Google- and Apple-like platforms too, because now you have the mindset to accept the duplicates. 😂

Pros and Cons of VDP:

- More crowded platforms.
- Quick triage process.
- Faster email response.
- Higher amount of bounty.
Hackerone & Bugcrowd

4) Conclusion:

Guys, strictly, this is just my opinion on how to hunt on different platforms step by step, and I am posting this especially for beginners. At the end of the day, it's your choice which targets to hunt on. One more tip: if you are a beginner, don't aim for any bounties at the first shot; your aim should be just to learn and gather knowledge every day. Lastly, have the mindset of accepting the duplicates and moving on. I hope you have learned something from this blog; if so, kindly press that follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“Ignite what you have learned🔥”

Learn Every Day, Happy Hacking 😁🙌
