Bug Bounty Forum

Getting Started with Bug Bounty Hunting

What is bug bounty?

Quoting Wikipedia: "A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities."

Getting started

To get started with bug bounty, you will need to register an account on a public bug bounty platform and find a program. When you know what target you want to hit, you will use your knowledge of programming and security to find vulnerabilities, meaning flaws that hackers could use to harm the program. You will report these vulnerabilities and may get paid for finding them.

It's possible for people with no knowledge of hacking to get involved, but there is a ramp-up period that requires quite a bit of effort before you will start finding vulnerabilities. Most people in bug bounty learn about web hacking, but there are programs that consist of only binary exploitation or mobile hacking.

Once you decide what you want to do, you will need to start learning about the types of vulnerabilities that exist and how to find them. Having some knowledge of how these vulnerabilities work from a programmer's perspective will help you tremendously.