My step by step process on how I do Bug Bounty Hunting: From finding targets to Submission of the…


Firstly, here’s a brief intro about me: I’m an Application Security Engineer by day and a Penetration Tester by night. Funny, right!? By day I help developers secure their code, and at night I do penetration testing for my clients. So when do I do bug bounty? I usually prefer hunting on weekends in my free time; sometimes I allot at least 3–4 hours of testing. Sounds exhausting? Sometimes, but mostly finding exploits, vulnerabilities or threats makes me sane and insane at the same time LOL.

“If you do what you love, you’ll never work a day in your life.” — Marc Anthony

Let’s start! The way I look for my target/s: I focus on just one application per day, or maybe continue with it next weekend, but I focus on just one application at a time. Why? The longer you stay on a project, the more familiar you get with it, and the gaps in its security will just come right at you.

My go-to platforms for finding BBP targets are HackerOne, Bugcrowd and Intigriti. When I search, I look for a target with Asset Type: Domain | Wildcard (my factors for choosing a target: Response Efficiency > 80%, and it offers a bounty as well). Once I’ve found my target for the day, this is where my day starts!

Tools needed for the setup (no other applications open on the desktop, personal pref :)):
1. Terminal (In my case I use…