If you are beginning bug bounty hunting, you will need to know that it will take time to learn the bug hunting skills. You need to have the patience and determination to continue hunting even though you might not see successful results quickly. The bug bounty field is crowded and competitive, hence you will require hard work, dedication and lateral thinking to persist. Hunting is about learning and acting noob all the time.

From Tommy (dawgyg) DeVoss: If you have the ability to look at a web application and think of ways to break the application, then you can give it a shot.

Everyone starts from somewhere. For some people it can be a very slow start to the process, and others will start finding bugs right after they begin. A very important thing to remember when doing bug bounties is to not get depressed / upset if it takes you longer to find valid bugs etc. Not everyone is going to find bugs every time they sit down to hack. And it's very common to go days, weeks or even months without finding bugs. Don't compare your own success or failures to others, because as with anything else, there will always be someone better than you, and others worse than you. So setting your own goals and working to achieve them can be very important.

From Shubs: If someone came up to you and asked you if you could find a security vulnerability in Facebook or Google, your knee-jerk reaction may be to explain how hard that would be because of how much money these companies spend on security and how many staff they have securing their applications. As a bug bounty hunter, you cannot have this mentality. It is extremely prohibitive, and as you find yourself finding security issues in the largest corporations in the world, you will soon realise that it is possible to find vulnerabilities in anything (given enough time and resources). What you may find is that some companies are harder to find vulnerabilities in (how long it takes to find security issues), and you may give up before you find anything, but you need to understand that there are still vulnerabilities yet to be found for any attack surface. The lessons and knowledge learned are the only rewards that are within your control. So if you are a beginner, you should set the goal of learning about the vulnerabilities and techniques to exploit them rather than how much money you should make.

Do not disclose an issue if the counterparty has not agreed to do so. Learn how a request works, HTTP headers, JSON requests, how a browser works, how browsers communicate and send data to servers, DNS etc. You will need to know common in-scope vulnerabilities such as Remote Code Execution (RCE), Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Injections (SQL, Command etc.), Clickjacking, Open Redirects, etc. Learn new techniques from other bug bounty hunters so that you can test them out during your testing.