How to start Bug Hunting in 2023
2023-5-3 02:31:27 Author: infosecwriteups.com

Neeraj Kumar (@dachman)

InfoSec Write-ups

Hey, I am back once again. In this article, I will talk about how to start bug bounty hunting. I assume you already know what hacking is.

Photo from Unsplash, by Kaur Kristjan

A bug bounty is a program run by a company that offers a monetary reward: if you find a vulnerability in the company's assets, you will be paid.

Technical Definition of Bug Bounty Program

A bug bounty program is a type of crowdsourced security initiative in which companies offer monetary or non-monetary rewards to ethical hackers, security researchers, or individuals who find and report security vulnerabilities in their software, applications, or systems.

First, Know the Basics of Tech

  • Internet, HTTP, TCP/IP
  • Networking
  • Command-line
  • Linux
  • Web technologies: JavaScript, PHP, Java
  • At least 1 programming language (Python/C/Java/Ruby, ...)
  • OWASP Top 10

Choose the right platform:

There are many platforms available that specialize in hosting bug bounty programs, such as HackerOne and Bugcrowd.

These platforms offer a way to manage bug reports, communicate with researchers, and pay out rewards. Research these platforms and choose one that suits your needs. These are the common platforms; you can also choose some private programs.

HackerOne:

BugCrowd:

Familiarize yourself with common vulnerabilities:

Once you’ve chosen a platform, it’s important to learn about common vulnerabilities like SQL injection, cross-site scripting, and buffer overflows.

This will help you identify potential vulnerabilities when testing software or systems.

Resources where you can learn common vulnerabilities:

This is the OWASP website, where you can learn common vulnerabilities.

Start Small:

It’s important to start small and build your skills gradually. Begin by testing software or systems on the bug bounty platform of your choice, and look for low-hanging fruit like configuration errors or easy-to-find vulnerabilities.

As you gain experience and confidence, you can move on to more challenging targets.

Keep learning:

After you get some bounties and swag, don't stop learning, because hacking is a vast field. New techniques appear every day.

So keep learning.

Don't forget to follow me and support me if you like my article.

Thank you


Article source: https://infosecwriteups.com/how-to-start-bug-hunting-in-2023-696db1986e44?source=rss----7b722bfd1b8d--bug_bounty