Bug hunting with zero Experience

How to get into bug bounty hunting with 0 experience?

Introduction-

Hello guys, my name is Indian hacker. I’m a web developer, security researcher, and bug bounty expert. In today’s article, I would like to teach you a unique methodology for beginners (intermediate hunters can also apply it): what is the fastest way to get into bug bounty hunting with zero experience?

Bug bounty hunting is a system for finding security vulnerabilities in software, web applications, and mobile applications. Application owners reward findings with bounties, so the bug bounty hunter can earn money in the process.

Types of bug bounty programs-

• Public program
• Private program

Public program:
Public programs are open to all hackers. Anyone can hack and submit bugs to the program, as long as they abide by the laws and the vulnerability disclosure contract.

Private program:
A private program is an invite-only program for security researchers. It allows only selected researchers and hackers to participate; they are invited based on their skill level and statistics. Private programs select only those researchers who are proficient in testing the kinds of applications that they have.

Bug Bounty Platforms-

There are many bug bounty platforms. Some of them are:
• HackerOne (Recommended)
• Bugcrowd (Recommended)
• Synack
• Intigriti
• Cobalt

Prerequisites-

Here are some basic prerequisites that you have to complete before starting:

System Requirements:
• i3/Ryzen 3 processor (i5/Ryzen 5 or above is recommended)
• 4 to 8 GB RAM (DDR3/DDR4) is enough (16 GB is recommended)
• 500 GB hard disk (SSD is recommended)

Prerequisite skills:

For a beginner, I recommend starting your bug bounty hunting in the web security domain because it will be a little easier for you. Eventually you can start exploring other domains as well.
Here are some skills that you have to learn before starting bug bounty hunting:
• Computer & IT Basics
• Linux Basics
• Networking Basics (TCP/IP, OSI Model)
• Web Fundamentals (HTTP, HTTPS, APIs, GET, POST, Client-Server Model, HTML-CSS-JS, etc.)
• Programming or Scripting Languages like Python, Go, Bash, Perl, Java, Ruby (You don’t have to master all of them)
• OWASP Top 10

Books-

• Bug Bounty Essential — By Carlos A. Lozano and Shahmeer Amir
• Web Security Testing Guide — By OWASP
• Mastering Modern Web Penetration Testing — By Prakhar Prasad
• Real World Bug Hunting — By Peter Yaworski
• Bug Bounty Bootcamp — By Vickie Li
• The Web Application Hacker’s Handbook — By Dafydd Stuttard

English YouTube Channels-

(STOK) https://m.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg

(Nahamsec) https://m.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw

(John Hammond) https://youtube.com/c/JohnHammond010

(Cristi Vlad) https://m.youtube.com/user/cristivlad25

(InsiderPhD) https://m.youtube.com/channel/UCPiN9NPjIer8Do9gUFxKv7A

(Farah Hawa) https://youtube.com/c/FarahHawa

Hindi Channels:

(Spin The Hack) https://youtube.com/c/SpinTheHack

(Bitten Tech) https://youtube.com/c/BittenTech

(Pratik Dabhi) https://youtube.com/c/impratikdabhi

Write-ups, Articles, Blogs, Online Community-

• https://link.medium.com/9CfjoJxEkrb
(Medium, InfoSec Write-ups)

• https://portswigger.net/blog
(PortSwigger)

• https://blog.intigriti.com/category/bugbytes/
(Intigriti blog)

• https://www.cybersecuritymumbai.com/
(Cyber Security Mumbai)

• https://www.reddit.com/r/netsec?utm_medium=android_app&utm_source=share
(Reddit)

• https://www.reddit.com/r/bugbounty?utm_medium=android_app&utm_source=share
(Reddit)

I think that’s enough for today. I’ll be back with more useful information, such as tools, practice labs, free resources to learn, top researchers and their methods, etc., in the next article. Till then, keep learning, keep growing, and take care of your health. Love you all.
