How to Get Started into Bug Bounty By HackingTruth

Hacking Truth



What is Bug Bounty?


Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.


Basic Technical things to get started-:


There are many things you have to learn, but I cannot list all of them here. I’m listing a few important topics, and you should learn more by yourself.

HTTP — TCP/IP Model

Linux — Command line

Web Application technologies

Networking basics

Learning Basics of HTML, PHP, Javascript




Choosing your initial Path-:


Choosing a path in the bug bounty field is very important. It totally depends upon the person’s interest, but many of the guys choose the web application path first because, according to me, it’s the easiest one.

 
Web application Security Testing
Mobile Application Security Testing


Books-:



1-Modern Web Penetration Testing

2-The Hacker Playbook Practical Guide

3-The Web Application Hacker’s Handbook

4-Web Hacking 101

5-The Hacker Playbook 2 Practical Guide To Penetration Testing

6-The Hacker Playbook 3 Practical Guide To Penetration Testing

7-Hands On Bug Hunting for Penetration

8-OWASP Testing Guide

9-Mobile Application Hacker’s Handbook

10-Breaking into Information Security: Learning the Ropes 101


YouTube Channels-:





Security Conference talks you should watch-:



1-Akhil George- https://www.youtube.com/channel/UCsVp13y6_bsj56V3hSph6eg/playlists

2-DEF CON 23 — Jason Haddix — How to Shot Web: Web and mobile hacking in 2015 - https://youtu.be/-FAjxUOKbdI



Follow these guys on Twitter-:



1-Frans Rosén

2-Mathias Karlsson

3-dawgyg
 
 
 
 
 
 
Tools:


  •     Burp Suite
  •     Nmap
  •     Netcat
  •     OWASP ZAP
  •     Kali Linux
  •     sqlmap


Bug Bounty Platforms-:






Invite based Platforms:


    Synack
    Cobalt



Blogs you should follow-:

Sample format of report:


    Vulnerability Name
    Vulnerability Description
    Vulnerable URL
    Payload
    Steps to Reproduce
    Impact




Vulnerabilities Priorities:


    P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
    P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.
    P3 - Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.
    P4 - Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites (MitM) to trigger.
    P5 - Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed an acceptable business risk to the customer.





I hope you liked this post. If you did, don't forget to share it.
Thank you so much :-)



- Hacking Truth by Kumar Atul Jaiswal

