Some key points to focus on as a bug bounty hunter.

3 years ago

Nikhil


This might sound odd, but the time you spend on a target program matters a lot. Spending only a couple of hours on a program is the wrong approach. Bug bounty hunting is a matter of skill and luck, and a few hours on a program can easily be wasted, because there is a good chance you will only find bugs that have already been reported and get marked as duplicates. I'd suggest you pick one program and spend about a week on it. Yes, you heard it right: a whole week. Big things take time, and the same goes for bug bounty hunting. Take your time understanding the functionality of the target program's application, and note down the main things you find in it, such as suspicious endpoints.

If you are a beginner who has started looking for bugs with only basic knowledge of vulnerabilities, stop: first get a complete understanding of how things work and how they are built. "Lack of knowledge is DANGEROUS!!!" Imagine you are about to cook something and you don't know the difference between sugar and salt. So first learn to code, then work on some basic projects, and only then learn about vulnerabilities and bugs.

Keeping yourself within a community in the same field can benefit you greatly, and remember one thing: don't feel ashamed to ask questions. First of all, learn to use Google to look for every possible solution, and if you still can't find anything related to your question, go and ping your community fellows. Everyone gets offended if you ask silly questions like "how do I find XSS/CSRF or SQLi vulnerabilities easily". There are lots of tools out there to make your work easier, but looking for vulnerabilities without knowledge of your target makes no sense.

Most beginners make a big mistake at this point: they look at experienced bug bounty hunters getting big bounties and forget that those hunters also learned everything first before reaching that position. No one can learn everything in a single day. Spend time learning, motivated by the goal you want to reach in the future. The more you learn, the more you will earn.

Also, learn scripting. It is highly recommended to learn a programming language; JavaScript, Ruby, Bash or Python are good choices. Try mastering the Linux terminal as well, and look for curl and Bash tricks to make your workflow on the terminal faster.

Many times, after reporting a bug, hunters expect a reward. Never expect a bounty. I am not saying that you won't get anything; you will get bounties, but just don't count on them. Close that report and start looking for other bugs, because waiting on it can end up making you sad and tempt you to give up. If you keep the mindset that you'll hunt bugs for a few hours and get paid, remember that this will not work every time. Sometimes you get a bounty, and sometimes you find a duplicate and get nothing for it, but keep in mind that you were still able to find that bug and you learned how to find that vulnerability.

A lot of people ask how they can learn bug bounty hunting or improve their web hacking skills. Many experienced bug bounty hunters post blogs and writeups about how they got started and what they learned throughout their journey. Use those as references and draw some inspiration from them. Try to break your own limits daily.

If you want to get into hacking or any IT field, you must have basic networking knowledge: what IP addresses and MAC addresses are, how the TCP/IP stack works, and many other topics.

Thanks for reading, have a good day :)
