How to Get Started into Bug Bounty By HackingTruth

Hacking Truth

What is Bug Bounty?

Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

Basic Technical things to get started-:

There are many things you have to learn, but I cannot list all of them here. I'm listing a few important topics, and you should learn more by yourself.


Linux — Command line

Web Application technologies

Networking basics

Learning Basics of HTML, PHP, Javascript

Choosing your initial Path-:

Choosing a path in the bug bounty field is very important. It depends entirely on the person's interest, but many people choose the web application path first because, according to me, it's the easiest one.

Web application Security Testing
Mobile Application Security Testing


1-Modern Web Penetration Testing

2-The Hacker Playbook Practical Guide

3-The Web Application Hacker's Handbook

4-Web Hacking 101

5-The Hacker Playbook 2 Practical Guide To Penetration Testing

6-The Hacker Playbook 3 Practical Guide To Penetration Testing

7-Hands On Bug Hunting for Penetration

8-OWASP Testing Guide

9-Mobile Application Hacker's Handbook

10-Breaking into Information Security: Learning the Ropes 101

YouTube Channels-:

Security Conference talks you should watch-:

1-Akhil George

2-DEF CON 23 — Jason Haddix — How to Shot Web: Web and mobile hacking in 2015

Follow these guys on Twitter-:

1-Frans Rosén

2-Mathias Karlsson


  •     Burp Suite
  •     Nmap
  •     Netcat
  •     OWASP ZAP
  •     Kali Linux
  •     sqlmap

Bug Bounty Platforms-:

Invite based Platforms:


Blogs you should follow-:

Sample format of report:

    Vulnerability Name
    Vulnerability Description
    Vulnerable URL
    Steps to Reproduce

Vulnerabilities Priorities:

    P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
    P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.
    P3 - Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.
    P4 - Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites (MitM) to trigger.
    P5 - Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed an acceptable business risk to the customer.

I hope you liked this post. If you did, don't forget to share it.
Thank you so much :-)

- Hacking Truth by Kumar Atul Jaiswal

