In a bug bounty program, finding a vulnerability in a website is not easy, so many people ask about the bug bounty roadmap. In this article, I'm going to write about a complete roadmap for bug bounty programs.
Learn these 10 steps deeply.
STEP-1 COMPLETE FUNDAMENTAL:
You should know what a computer is and what the input and output devices are. Then learn how the CPU works. You should know what memory is, such as primary and secondary memory. Next, learn about data representation, such as binary, octal, decimal, hex, MB, GB, TB, and so on. Also learn the types of software, the applications of software and the utilities of software.
STEP-2 Computer Networking:
Learn about computer networks, such as servers, routers and switches, and then how they communicate and share resources, data and applications.
1. Types of Network:
LAN, WAN, MAN, PAN, etc.
2. Network Topology:
Star, Bus, Ring, Mesh, Hybrid, etc.
3. Network devices:
Router, Switch, Hub, Access point, Modem
4. Types of Communication:
Unicast, Broadcast, Multicast
5. Network Protocols:
HTTP/HTTPS, TCP/IP, FTP, SMTP, DNS, etc.
6. Common ports and protocols:
0–1023 (ARP)
1024–49151 (DNS)
49152–65565 (UDP)
Around 650000 ports are available, but you should know about computer ports.
7. IP Addressing:
IPv4, IPv6, Public IP, Private IP
8. Network Models:
OSI model (7 layers)
9. Network Security:
Firewalls, Encryption, VPN
10. Common Networking Terms:
Bandwidth, Latency, MAC Address, Subnet
11. Wireless Networking:
Wi-Fi, Bluetooth, Cellular Networks
STEP-3 OPERATING SYSTEM:
Every device has an operating system to make it operate, whether or not it is connected to the internet. So you should know how the operating system works. Then learn the command prompt and the Linux terminal, such as:
1. File and Directory Management:
ls
ls -la
cd [path]
pwd
mkdir [name]
touch [file]
rm [file]
rm -r [dir]
cp [source] [destination]
mv [source] [destination]
2. File Viewing and Editing:
cat [file]
more [file] / less [file]
nano [file]
head [file]
tail [file]
3. File Permissions and Ownership:
chmod [permission] [file]
chown [user]:[group] [file]
ls -l
4. Process Management:
ps aux
top or htop
kill [PID]
pkill [name]
5. Networking:
ipconfig or ip a
ping [host]
netstat -tuln
ss -tuln
nmap [target]
6. Searching and Finding:
find [path] -name [name]
grep [pattern] [file]
locate [name]
7. User Management:
whoami
id
sudo [command]
su [user]
passwd
8. File Transfers:
scp [source] [user@target]:[destination]
rsync -avz [source] [user@target]:[destination]
wget [URL]
curl [URL]
9. System Information:
uname -a
df -h
du -sh [directory]
uptime
free -m
These are the important things.
STEP-4 Web application Fundamentals:
1. Know about web applications
2. Components of a Web Application:
Frontend, Backend, Database, Web server, APIs
3. Types of Web Applications:
Static web app, Dynamic web app, Single-page app, Multi-page app
4. Web Application Architecture:
Client-server model, Three-tier architecture, Modern web architecture
5. Common Web Protocols:
HTTP/HTTPS, DNS, SSL/TLS, REST/GraphQL
6. Security in Web Applications:
Authentication
Authorization
Common Vulnerabilities:
> SQL injection
> XSS
> CSRF
> Broken Authentication
7. Tools for Web Development:
Frontend Tools
> Frameworks: React, Angular, Vue.js
> Libraries: Bootstrap, Tailwind CSS
Backend Tools
> Frameworks: Django, Express.js, Ruby on Rails
Database Tools
> Management: phpMyAdmin, pgAdmin
Testing and Debugging
> Browser DevTools, Postman (API testing)
Version Control
> Git: Tracks changes and collaborates on code.
8. Web Application Deployment:
Web Hosting
> Platforms: AWS, Azure, Google Cloud, Heroku
Continuous Integration/Delivery (CI/CD): automates deployment and testing
> Tools: Jenkins, GitHub Actions, GitLab CI/CD
Content Delivery Network (CDN)
STEP-5 PROGRAMMING KNOWLEDGE
You should know any one programming language and must know that language's concepts in depth.
Python, Java, etc.
STEP-6 BASICS OF VULNERABILITIES
1. OWASP Fundamentals for Beginners
You should know the OWASP fundamental concepts.
2.
3. Key OWASP Resources:
OWASP ZAP
OWASP Dependency-Check
OWASP Security Knowledge Framework
OWASP ASVS
4. Core Concepts:
Secure Coding Practices: Follow guidelines to prevent common vulnerabilities.
Threat Modeling
Input Validation
Authentication and Authorisation
Regular Security Audits
5. Learning Path for OWASP:
Beginner: Familiarize yourself with the OWASP Top 10. Practice with tools like OWASP
Intermediate: Explore OWASP projects like Juice Shop (a vulnerable web app for practice)
Advanced: Learn OWASP ASVS and implement a secure development lifecycle (SDL)
STEP-7 PRACTICE
1. Free Cybersecurity Playgrounds:
TryHackMe
Hack The Box
OWASP Juice Shop
VulnHub
2. Paid Cybersecurity Playgrounds:
TryHackMe (Paid Tier)
Hack The Box VIP
RangeForce
Pentester Academy
Immersive Labs
STEP-8 LEARNING
Everyone in the cyber security field learns something new every day. They learn something new from blogs and HackerOne activity, and read the whole reports: how they found the vulnerability, the exploitation, the payload and the latest hacking news.
STEP-9 Bug Bounty Tools
Burp Suite (free and paid versions are available)
STEP-10 NEVER GIVE UP
Don't feel bad about failure. Sometimes you are tired of learning many topics, and a bug you found will be triaged or marked as Duplicate.
Thank you.