Friday 7 May 2021

How to get started with bug bounty?




How do I get started in bug bounty? Where do I start? What is the best time to start? What lab setup do I need? These are common questions nowadays, and I will help you out with them. The first thing is to focus less on money and more on learning.

Disclaimer:

I have to tell you one thing: don't focus on just finishing the blog or the content that I have written. My advice is to understand each line and methodology that I have written, so make sure that you have understood every tool, theory, methodology, and anything else that I have used in this blog. Also, use a desktop / computer to read this blog.

Prerequisites:

I will tell you some important prerequisites for getting started with bug bounty.

  1. Good Laptop or Desktop
  2. Balanced Internet
  3. Basic computer knowledge like software installing, Notepad, and Web searching
  4. E-mail ID
  5. Above all, interest
Make sure that you have all of these prerequisites; otherwise, just read up on these things and get started once you have them all.

Lessons you will learn from this blog:

  1. Abbreviations and terminologies used in Bug hunting
  2. Basics of web languages like HTML, CSS, and JavaScript
  3. Proxy
  4. Protocols
  5. Port numbers
  6. HTTP status codes
  7. Headers
  8. Basics of network security
  9. Different encoding mechanisms
  10. Basics of cryptography
  11. Same-Origin Policy (SOP)
  12. Cross-Origin Resource Sharing
  13. Session management
  14. Different ways of identifying a user
  15. Cookies
  16. Authentication headers
  17. Basic knowledge about how session IDs are issued
  18. Google dorks and how to find bugs with Google dorks
  19. Burp Suite and other web testing tools
  20. Various types of bugs, the priority of the bugs, and average bounty based on the priority of bugs
  21. Report writing and POC Video editing 
  22. Analyze the best report writing and find the bounty methodology
  23. GitHub and how hackers are using GitHub
  24. And more

Bugs we will cover:
  1. Email spoofing
  2. Clickjacking 
  3. Cross-site scripting (XSS)
  4. Open redirection 
  5. Insecure Direct Object References (IDOR)
  6. Cross-Site Request Forgery (CSRF) 
  7. Server-Side Request Forgery (SSRF) 
  8. SQL Injection 
  9. Deserialization issues
  10. Remote Code Execution (RCE) 
  11. Race Conditions
  12. Broken Access Control
  13. And more

Others:

  1. Find bugs using dorks and report them
  2. HackerOne and Bugcrowd bug finding methodology
  3. Automotive bug identification methodology
  4. And more
So let's jump into our learning process. Stay with me, guys; I will take you into the bug hunting world.










