How to Get Started with Bug Bounty?
A bug bounty program is a crowd-sourced penetration testing program that rewards users for identifying security bugs and exploiting them. For researchers and cybersecurity professionals, it is a great way to test their skills against a variety of targets and get rewarded if they discover security bugs. Some participants have little to no prior programming knowledge and are completely new to the idea of web development, while others are highly skilled cybersecurity specialists.
The steps that should be followed are the same for everyone, but depending on one's abilities and experience, one could skip one or more of the steps.
1. Learn Computer Networking
To start with bug bounty, you must have a solid understanding of computer networks. You don't need to be a specialist in internet protocols, but you must at least be familiar with the basics of inter-networking, such as IP addresses, MAC addresses, the OSI stack (and the TCP/IP stack), etc.
2. Get Familiarized With Web Technologies
Learning the fundamentals of web development and web protocols is part of this. JavaScript, HTML, and CSS are the languages in use for web development. A beginner-to-advanced level of ability in these languages is more than sufficient to begin with. These can be learned from the relevant RFCs or from a variety of offline and online resources.
3. Learning Web Application Security Measures and Hacking Techniques
This entails studying typical security measures and procedures, workarounds for them, typical flaws in online applications, techniques to identify these weaknesses, and the steps to take to fix applications and shield them from these weaknesses. These are helpful sources:
- Book Recommendations:
  - Web Application Hacker's Handbook
  - Web Hacking 101
4. Practicing and Polishing Your Skills
Developing a plan of attack for a target requires practice. As you gain experience with more varied targets of varying complexity, it becomes simpler to approach a web application in a way that improves your chances of identifying a significant vulnerability. Make good use of these resources:
- Vulnerable Web Applications: These virtual machines or web app bundles are purposefully insecure. They are offered both as generic variations with many sorts of vulnerabilities and as specialized variations that concentrate on a certain weakness and its intricacies. Some examples are:
  - SQLol
  - RailsGoat
  - bWAPP
  - DVWA
  - Juice Shop
  - HCAME
  - Butterfly Security Project
  - Bricks
  - OWASP WebGoat
  - Cyclone Transfers

The best apps for beginners are bWAPP, DVWA, and WebGoat.
5. Testing Real Targets
Once you are proficient and have mastered the fundamentals, you may begin hunting for bugs on legitimate websites. Many websites run bug bounty programs for their online resources. Some big names are:
- Starbucks
- Verizon
- Apple
- Spotify
- Shopify
These businesses offer large rewards, but because of the intense competition, it is quite difficult to spot a security vulnerability on any of their assets. Keep in mind that the best bug bounty hunters in the world are also testing these websites.
6. Staying Current on Latest Vulnerabilities
You can learn from top researchers by studying their work. On bug bounty websites like HackerOne, you can also view reported bugs. Some recommended researchers to follow are:
- PortSwigger
- Geekboy
- Jobert Abma
- Jason Haddix
- Frans Rosén