Huge Bug Bounty Resource


Joshua Desharnais

A lot of people don’t really know where to start learning about bug bounty or even network security. Should I start by learning to program? Should I just start running automation tools and hope for the best? Should I read every book about bug bounty that comes up when I Google bug bounty? With this resource I'm hoping that I can narrow down your path and get you going towards your goal.

The first thing I would do is go to PortSwigger's Web Security Academy. This is honestly one of my favorite resources because not only does it give you a great overview of each vulnerability class, but after reading about a class you can go in and practice what you learned. This takes away the stress of trying to practice what you learned on a real target and potentially messing something up. It is also good because you'll know what it looks like when the exploit works. The academy covers the following vulnerability classes:

- SQL Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- Clickjacking
- DOM-Based Vulnerabilities
- Cross-Origin Resource Sharing
- XML External Entity Injection
- Server-Side Request Forgery
- HTTP Request Smuggling
- OS Command Injection
- Server-Side Template Injection
- Path Traversal
- Access Control Vulnerabilities
- Authentication
- WebSockets
- Web Cache Poisoning
- Insecure Deserialization
- Information Disclosure
- Business Logic Vulnerabilities
- HTTP Host Header Attacks
- OAuth Authentication
- File Upload Vulnerabilities
- JWT
- Prototype Pollution
- GraphQL API Vulnerabilities
- Race Conditions
- NoSQL Injection
- API Testing
- Web LLM Attacks