Why am I starting to hate Bug Bounty?


Imad Husanovic

I have been mentioning Bug Bounty on my blog profile for a while now, but I have honestly started to really hate it! Not because I am just not good at hacking, I’m actually quite an experienced hacker, but because it has become really bad, and I want to show you a few problems I have with Bug Bounty. So let’s just start!

“Bug Bounty”

a reward offered to a person who identifies an error or vulnerability in a computer program or system.

Follow me on:

Instagram: dead0verflow

Youtube: deadoverflow

Most of the Bug Bounty programs are not Open Source, meaning you will be relying on just blindly testing things out! You can always hunt for only client-side vulnerabilities, but that’s just 30% of what you could find on a target. So blindly testing things out is not a great practice for you, especially if you are just starting out. It’s always better to read and understand the backend code, then analyze where potential vulnerabilities could be hiding, and finally test for them with a clear goal and idea in your mind. Almost 90% of Bug Bounty programs are closed source, so it’s really hard to hunt for anything!

Sometimes finding vulnerabilities is not even the hardest part; getting paid is. Let’s say you somehow found a vulnerability, like my friend in the picture above. This vulnerability was reported on 21st December 2023. Almost 14 weeks (98 days) have passed with no responses. What he was left with was “The team is looking into this issue”. That’s it! Another vulnerability was also reported, with the same results as this one.

This one was reported 2 days after the first one, yet the same results could be seen. My friend even requested a follow-up to see what would happen, but no response was given.

Bug Bounty has its own pros and cons; however, I would argue that it has gotten really bad over the past years. My recommendation is to check in with local companies, ask them to allow you to do security research, maybe even to provide you with backend code, and try it out that way. It’s far better to do that since there is no competition whatsoever. Make sure to follow me on Medium since I will be doing a blog post with a random follower soon, so make sure to follow me to grab yourself a chance!
