How To Learn about Bug Bounty Programs and How Much Can a Bug Bounty Hunter Earn?


Mohammed Farhanudeen

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.


Bug bounty is a name given to several programs where you have to find bugs, loopholes and security vulnerabilities in an application and make money doing it.

In simpler terms, a bug bounty is a program where you get paid to find bugs in an application. That application can be a desktop application, an Android app, a website, anything. Companies put their applications forward to be checked for bugs and vulnerabilities.


If you are familiar with different exploitation and testing techniques, then you can start by signing up on bug bounty platforms like "#1 Crowdsourced Cybersecurity Platform | Bugcrowd" and "Bug Bounty — Hacker Powered Security Testing".

If you are not familiar with anything in this field, then you have to dive deep into technology and learn all the basic and advanced material of networking, web development, application security or hacking.

You need to know how applications are made, how they connect, how they are tested and the ways they break. If you want to go into web application testing, learn about web development and web application attacks like XSS, SQL injection etc. The same goes for every other kind of application.

So if you are new to this stuff, get ready for a long and exciting journey of learning and practising.


The amount of money you earn depends on your skill set. A single bug can give you 50$ to 2000$ depending on its severity. It can be smaller or even larger depending on how much the company is willing to pay.

On specific platforms like HackerOne, a small bug is awarded 50–100$ and a critical bug can give you 1500–2000$ (on average).


you want I learned it for “FREE”, given that a lot of effort and dedication is needed for that. But trust me, a self-learned hacker is the best hacker.

Master HTML/JS; it would be awesome if you understand PHP & ASP. Knowing Python would be the cherry on top.

Learn the OWASP Top 10. Now, don’t just learn how to find them, I would also suggest you learn how to exploit them; Hack The Box is very nice if you want to exploit legally.

Cool, this would get you going… but wait, you wanna see what it really is? The community has it for you.

You should read HackerOne reports, and PoC writeups on Medium or on the personal blogs of researchers. Pentester.land will give you all the reports (mostly).

Aah… reading is boring, I like videos. Sure, many a time the analyst is not able to understand or reproduce the issue, so they ask for a PoC video. But after the bug has been resolved, we upload and share the video on YouTube; just search like… <bug name> poc video

One personal tip: don’t rush for money in the beginning; you won’t get any, and you would get frustrated and leave hunting. Go for points, swag and HoF programs initially; once you get the hang of it, then come to money.


How it works: Certain companies offer programs for ethical hackers to test their systems, find vulnerabilities and develop more solid programs to prevent future attacks. Through these programs, those companies can reward the hackers who have solved the challenges. The payments can range depending on the level of the challenges you have done.

Some of the sites for enthusiast bounty hunters (those who do bug bounty) are HackerOne, Bugcrowd, etc.

I hope you got some idea about what Bug bounty is and how to get started.

Keep Learning and Earning!
