October 18, 2021

Getting Started with Bug Bounties

Bug bounties are all over the internet nowadays, as they have become a good way of earning huge amounts of money. Everyone is getting into it, but how do you get started with bug bounties? This has become a very common question, because bug bounties are on the hype! Every day, almost everywhere, you might see someone getting paid X by a company for finding and reporting security vulnerabilities. Everybody is into it, but many people are still trying to figure out how to get started.

Here are the top 10 tips that I would like to share with you to get started with bug bounties:

1) Actually getting started

This is the first and most fundamental tip for getting started with bug bounties. If you are serious about it, you had better be very serious about it and actually get started. Start with the basic technical things, including networking basics, the Linux command line, and web application technologies. You can find resources for beginners here.

2) Get Involved with the Community

If you want to get involved in business, you get involved with business people, business groups and business seminars. So if you want to get involved in bug bounties, you should get involved with bug bounty communities. You can find many bug bounty groups and communities on Facebook, Twitter and Discord. Simply get involved and learn.

3) Learn about Vulnerabilities 

After getting started, you want to learn about vulnerabilities: understand what each one actually is and why it is a vulnerability. You can learn about these vulnerabilities at OWASP.

4) Practice & Practice 

After learning about vulnerabilities, you need to practice them. You can practice on your own target, but as a beginner you can practice on various free labs. Practicing on labs can greatly help you understand vulnerabilities: how they occur, how to exploit them, and so on. This is a very essential step that will greatly help you get started with bug bounties. There are many free labs available for you to practice on, such as:

Damn Vulnerable Web Application (DVWA)

Portswigger Labs

Hacker101

Hack The Box

TryHackMe

Pentester Lab

Vulnhub

These free resources will greatly help you while getting started; you can also try building your own vulnerable labs for a more fruitful result. This will not just help you learn how to find and exploit a vulnerability; you will also learn what makes the vulnerability occur in the first place.

5) Do what you are good at 

After practicing often enough, you will eventually realize your strong area. It could be web, mobile, or networks. Start with that to get more positive results. Start testing with your strongest skill set, and you will eventually collect more experience with it.

6) Hack on Fresh Targets

The most common mistake we have seen with new bug hunters is that they start with big targets like Facebook, Google, etc., but they eventually end up frustrated, as these targets are hard to penetrate, and you probably do not want to do that at the beginning. You should start testing your skills on a fresh target for better and more positive results. Fresh targets can be penetrated more easily, so you have a higher chance of finding your first bug. Since Bugv has only recently started, you will find many targets on the platform, a lot of which are fresh ones. So, get yourself registered!

7) Take care of your health

Health is wealth. So far, you might have put yourself under huge pressure by studying, practicing and trying all day and night, but you need to take breaks from this and give time to yourself by taking care of your mental health. You should use protective eyeglasses to take care of your eyes, as you will be spending a lot of time in front of your screen.

8) Quality Educational Resources 

If you are a beginner, you need quality educational resources for your learning. So here are a few educational channels that you can follow:

Live Overflow – https://www.youtube.com/c/LiveOverflowCTF  

TheCyberMentor – https://www.youtube.com/c/TheCyberMentor

John Hammond – https://www.youtube.com/user/RootOfTheNull 

NahamSec – https://www.youtube.com/c/Nahamsec/

STÖK – https://www.youtube.com/c/STOKfredrik

9) Reading Writeups/Disclosed Reports

Reading other people's write-ups about the vulnerabilities they found can greatly help you understand the mindset other people have while looking for vulnerabilities. You also learn about different ways of exploiting certain vulnerabilities, learn new exploits, get ideas for looking for similar things in other targets, etc. HackerOne's Hacktivity, Pentester Land and BugReader are some of the nice sources where you can find different write-ups.

10) Persistence 

Last but not least. At some point in your journey, you might want to give up because you are not being as successful as others. But trust me, bug bounties were never, are not, and will never be as easy as everyone tells you. Everyone shares their success story, but no one mentions the hard work they went through to achieve that success. You need a strong desire to learn and practice every day.

As always, I would like to add some extra bonus tips for you:

11) Find a mentor 

You might come across many questions and issues throughout your journey. Of course you have the community, but it would be a lot better if you could find someone who is already experienced with bug bounties and is willing to answer your questions and clear up your doubts.

12) Stay Focused

During bug bounties, you will come across many targets and programs, but I would recommend always staying focused on a single favorite program or target for a long time. Doing this will make you much more familiar with the program, and you will have a better chance of finding more, and more severe, vulnerabilities.


If you have suggestions then do let us know in the comment section. 

If you are a business and want to start a bug bounty program for your company then please register here.
