How to get started in bug bounty ?
Table Of Contents :
What is bug bounty ?
A bug bounty program is a program which reward offered to a person who identifies an error or vulnerability in a computer program, system, website, mobile application, code, network range or network even on a robot or A.I
Some famous platforms which host bug bounty program are hackerone, bugcrowd, intigriti and some more platforms are here.
The First “Bugs Bounty” program - 1995
The first bug bounty program was hosted by netscape in the year 1995.
Timeline of Bug Bounty programs
What we see lately
There’s a rapid growth in adoption of the bug bounty programs over the past decade. Every day, more organizations are adopting the Bug Bounty Model. That includes large enterprises as well as small – medium sized enterprises
- The growing number of organizations across industries adopting bug bounty and vulnerability disclosure programs in the past year has made it clear that the crowdsourced security model is here to stay.
- Bug bounties present significant value comparing to traditional testing methods.
- There’s been a huge increase of critical vulnerabilities being identified by Bug Bounty programs.
How Bug Bounties Work?
What you need to know before starting a bug bounty program
▸ Scope – *.example.com (Sub-domain enumeration)
▸Focus – Payment processing
▸Exclusions – 3rd party sites
▸Organization- wide awareness
▸Environment – prod vs staging
▸Access – Shared credentials or self signup
▸Decide – Private or Public?
▸Define a Vulnerability Rating Taxonomy
Who are bug bounty hunters ?
▸ All over the world
▸ All levels of experience
▸ Passionate about security
▸ All ages
▸ Like to challenge
▸ To make internet more secure!
Most important: Bug bounty hunters are like normal peoples, very few peoples have courage to start bug bounty…
Tips and suggestions for bug bounty hunters
- Read. Learn. Practice. Because practice makes it perfect! As most of the bug bounty programs are related to web targets, the “The Web Application Hacker’s Handbook” is a must-read book that I suggest to everyone.
- Sharing is caring! This is the motto of many well known researchers that like to share vulnerabilities they find, and their methodology, so make sure to read blog posts of other hackers.
- Check online materials . Watch tutorials and videos related to hacking. Bug Bounty Hunting Methodology v3 — Jason Haddix is a great example.
- Be patient. Because, it will take time to find the first valid bug. Don’t be disappointed. Duplicates are everywhere!
- Approaching a target: Let’s assume that the program has a large scope (*.example.com), don’t waste your time on main site if you are late to the party as chances are low that you’ll find anything in the main site(as everyone probably went over it so many times).
- Recon: Start to perform reconnaissance to find subdomains. Find subdomains through various tools like Sublist3r etc.
- Use Nmap, as it will certainly help to find hosts running on non-standard ports that may be vulnerable to critical issues.
Review the services and ports found by recon. Check for the infrastructure of the application. Try to understand how they handle sessions/authentication, check for CSRF (whether if they have some protection for it, i.e csrf token), test for IDOR’s. Take a look at how they filter input versus encoding etc.
- If you get stuck at some point, ask for help. The bug bounty community helps each other, but before asking, make sure you check all the possibilities to resolve it.
The value of writing good submission
▸ Keep the description short and simple
▸ Show full proof-of-concept
▸ Explain the potential impact
▸ Don’t add video unless it has some good music in background
▸ Provide remediation advice