What is the fastest way to get into bug bounty hunting with zero experience?


Photo by Paulo Ziemer on Unsplash

Hello guys, my name is Sk Selim. I’m a web developer, security researcher, and hobby writer. In today’s article, I would like to teach you a unique methodology for beginners (intermediates can apply it too): “What is the fastest way to get into bug bounty hunting with zero experience?”

Sounds impressive, right?
So, without wasting any time, let’s get started. Guys, this is a 100-day bug bounty hunting challenge (or, you could say, a 3-month bug bounty challenge), which is why we have to work smartly, right?
Before getting started, I’ll introduce a book. No, it’s not a technology book or a hacking book! It is “The 80/20 Principle” by Richard Koch. Trust me guys, this book can be a game-changer. Let me explain: the 80-20 rule, also known as the Pareto Principle, is an aphorism that asserts that 80% of outcomes (results) come from 20% of all causes or inputs for any given event. We’ll do the same thing: we will learn only the most essential concepts and skills, which will boost our learning speed and simplify the whole process.

Introduction-
Bug bounty hunting is a system for finding security vulnerabilities in software, web applications, and mobile applications. Application owners reward bounties, so the bug bounty hunter can earn money in the process.
Types of bug bounty programs-
• Public program
• Private program

Public program:
Public programs are open to all hackers: anyone can hack and submit bugs to the program, as long as they abide by the laws and the vulnerability disclosure contract.

Private program:
A private program is an invite-only program for security researchers. It allows only selected researchers and hackers to participate; they are invited based on their skill level and statistics. Private programs select only those researchers who are proficient in testing the kinds of applications that they have.

Bug Bounty Platforms-
There are many bug bounty platforms; some of them are:
• HackerOne (Recommended)
• Bugcrowd (Recommended)
• Synack
• Intigriti
• Cobalt

Prerequisites-
Here are some basic prerequisites that you have to complete before starting:
System Requirements:
• i3/Ryzen 3 processor (i5/Ryzen 5 or above is recommended)
• 4 to 8 GB RAM (DDR3/DDR4) is enough (16 GB is recommended)
• 500 GB hard disk (SSD is recommended)

Prerequisite skills:
For a beginner, I recommend starting your bug bounty hunting in the web security domain because it will be a little easier for you. Eventually you can start exploring other domains as well.
Here are some skills that you have to learn before starting bug bounty hunting:
• Computer & IT Basics
• Linux Basics
• Networking Basics (TCP/IP, OSI Model)
• Web Fundamentals (HTTP, HTTPS, APIs, GET, POST, Client-Server Model, HTML-CSS-JS, etc.)
• Programming or Scripting Languages like Python, Go, Bash, Perl, Java, Ruby (You don’t have to master all of them)
• OWASP Top 10

Books-
• The Web Application Hacker’s Handbook — By Dafydd Stuttard
• Bug Bounty Essential — By Carlos A. Lozano and Shahmeer Amir
• Web Security Testing Guide — By OWASP
• Mastering Modern Web Penetration Testing — By Prakhar Prasad
• Real World Bug Hunting — By Peter Yaworski
• Bug Bounty Bootcamp — By Vickie Li

YouTube Channels-
(STOK) https://m.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg

(Nahamsec) https://m.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw

(John Hammond) https://youtube.com/c/JohnHammond010

(Cristi Vlad) https://m.youtube.com/user/cristivlad25

(InsiderPhD) https://m.youtube.com/channel/UCPiN9NPjIer8Do9gUFxKv7A

(Farah Hawa) https://youtube.com/c/FarahHawa

Hindi Channels:
(Spin The Hack) https://youtube.com/c/SpinTheHack

(Bitten Tech) https://youtube.com/c/BittenTech

(Pratik Dabhi) https://youtube.com/c/impratikdabhi

Write-ups, Articles, Blogs, Online Community-
(Medium, infosec writeups) https://link.medium.com/9CfjoJxEkrb

(PortSwigger) https://portswigger.net/blog

(Intigriti blog) https://blog.intigriti.com/category/bugbytes/

(Reddit, r/netsec) https://www.reddit.com/r/netsec?utm_medium=android_app&utm_source=share

(Reddit, r/bugbounty) https://www.reddit.com/r/bugbounty?utm_medium=android_app&utm_source=share

I think that’s enough for today 🤔. I’ll be back with more useful information, such as tools, practice labs, free resources to learn from, top researchers and their methods, etc., in the next article. Till then, keep learning, keep growing, and take care of your health. Love you all…❤️
