Bug Bounty Hunting: A Beginner’s Guide to Getting Started

How to get started in bug bounty?


What is bug bounty?

A bug bounty program is a program in which a reward is offered to a person who identifies an error or vulnerability in a computer program, system, website, mobile application, code, network range or network, or even in a robot or A.I.

Some famous platforms which host bug bounty programs are HackerOne, Bugcrowd and Intigriti, among others.

The First “Bugs Bounty” program - 1995

The first bug bounty program was hosted by Netscape in 1995.

Getting started in bug bounty

Timeline of Bug Bounty programs

Bug bounty timeline

What we see lately

There’s been rapid growth in the adoption of bug bounty programs over the past decade. Every day, more organizations are adopting the bug bounty model, including large enterprises as well as small and medium-sized enterprises.

  • The growing number of organizations across industries adopting bug bounty and vulnerability disclosure programs in the past year has made it clear that the crowdsourced security model is here to stay.
  • Bug bounties present significant value compared to traditional testing methods.
  • There’s been a huge increase in the number of critical vulnerabilities being identified by bug bounty programs.

How Do Bug Bounties Work?

How bug bounty works

What you need to know before starting a bug bounty program

▸ Scope – * (Sub-domain enumeration)
▸ Focus – Payment processing
▸ Exclusions – 3rd-party sites
▸ Organization-wide awareness
▸ Environment – prod vs staging
▸ Access – Shared credentials or self signup
▸ Decide – Private or Public?

▸ Define a Vulnerability Rating Taxonomy

Who are bug bounty hunters?

All over the world
All levels of experience
Passionate about security
All ages
Like a challenge
Want to make the internet more secure!

Most important: bug bounty hunters are normal people; very few people have the courage to start bug bounty…

Tips and suggestions for bug bounty hunters

  • Read. Learn. Practice. Because practice makes perfect! As most bug bounty programs are related to web targets, “The Web Application Hacker’s Handbook” is a must-read book that I suggest to everyone.
  • Sharing is caring! This is the motto of many well-known researchers who like to share the vulnerabilities they find and their methodology, so make sure to read the blog posts of other hackers.
  • Check online materials. Watch tutorials and videos related to hacking. Bug Bounty Hunting Methodology v3 by Jason Haddix is a great example.
  • Be patient, because it will take time to find the first valid bug. Don’t be disappointed. Duplicates are everywhere!
  • Approaching a target: let’s assume that the program has a large wildcard scope (*). Don’t waste your time on the main site if you are late to the party, as chances are low that you’ll find anything there (everyone has probably gone over it many times already).
  • Recon: start by performing reconnaissance to find subdomains, using tools like Sublist3r.
  • Use Nmap, as it will certainly help to find hosts running services on non-standard ports that may be vulnerable to critical issues.
  • Review the services and ports found by recon. Check the infrastructure of the application. Try to understand how they handle sessions/authentication, check for CSRF (whether they have some protection for it, i.e. a CSRF token), and test for IDORs. Take a look at how they filter input versus encoding, etc.
  • If you get stuck at some point, ask for help. The bug bounty community helps each other, but before asking, make sure you have checked all the possibilities to resolve it yourself.
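To make the CSRF and IDOR checks above concrete, here is an added example (not code from the original post) showing a vulnerable handler beside its hardened form for each issue. The `Session` class, the handler names and the invoice data are constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample data (not from the post): two users, each owning one invoice.
INVOICES = {
    101: {"owner": "alice", "total": "42.00"},
    102: {"owner": "bob", "total": "99.00"},
}


@dataclass
class Session:
    """Hypothetical server-side session: the logged-in user and a per-session CSRF token."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def get_invoice_idor(session: Session, invoice_id: int):
    """IDOR: trusts the client-supplied id and never checks who owns the object."""
    inv = INVOICES.get(invoice_id)
    return (200, inv) if inv else (404, None)


def get_invoice_fixed(session: Session, invoice_id: int):
    """Hardened: the record is returned only if it belongs to the session's user."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return (404, None)
    if inv["owner"] != session.user:
        return (403, None)
    return (200, inv)


def pay_invoice_no_csrf(session: Session, invoice_id: int, form: dict) -> int:
    """Missing CSRF protection: a state-changing POST is accepted on the session cookie
    alone, so a page on another origin could submit it from the victim's browser."""
    if INVOICES.get(invoice_id, {}).get("owner") != session.user:
        return 403
    return 200  # the state change would happen here


def pay_invoice_fixed(session: Session, invoice_id: int, form: dict) -> int:
    """Hardened: the form must echo back the per-session token (synchronizer token
    pattern); compare_digest keeps the comparison constant-time."""
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return 403
    if INVOICES.get(invoice_id, {}).get("owner") != session.user:
        return 403
    return 200
```

When testing a target, the behaviour to look for is the first column: a 200 for an object you do not own, or a state change accepted without any token.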

The value of writing a good submission

Keep the description short and simple
Show a full proof-of-concept
Explain the potential impact
Don’t add a video unless it has some good music in the background
Provide remediation advice
