Bug bounty programs are a great way for companies to add a layer of protection to their online assets. A bug bounty program is a crowdsourced penetration testing program that rewards researchers for finding security bugs and ways to exploit them. For researchers and cybersecurity professionals, it is a great way to test their skills on a variety of targets and get paid well if they find security vulnerabilities. The number of companies that have a formal crowdsourced program is increasing, and so is the number of people who want to become freelance penetration testers. Aspiring bug bounty hunters have many different levels of knowledge, experience and skill.
Some are completely new to the idea of web development with little prior programming experience, some are experienced web developers with no experience in cybersecurity, while some are highly skilled cybersecurity professionals. The steps that should be taken are the same for everyone; one can, however, skip one or more steps based on one's skills and experience. The popularity of bug bounty programs among companies can be
1. Learn Computer Networking: One has to learn the basics of inter-networking, IP addresses, MAC addresses, and the OSI stack (and the TCP/IP stack). You can learn it from the following resources:
- Networking: A top down approach
- TCP/IP for Dummies
Note: The TCP/IP Guide and the RFCs are also good sources for learning computer networking.
3. Learning Web Application Security Measures and Hacking Techniques: This includes learning about common security mechanisms, security practices, their bypasses, common vulnerabilities in web applications, ways to find these vulnerabilities, and ways to patch applications and protect them against these vulnerabilities. Useful resources are:
- Books and Online Reading:
- YouTube Channels
4. Practicing and Polishing Your Skills: Practicing helps in developing a framework for approaching a target. The more you practice on diverse targets of different difficulty levels, the easier it will be for you to approach a web application in a way that increases your chances of finding a critical vulnerability (or even finding a vulnerability at all if the application is well secured and has already been tested by many hunters). Make good use of these resources:
- Vulnerable Web Applications: These are intentionally vulnerable virtual machines or web app packages. Vulnerable web applications are available as general variants that contain many types of vulnerabilities and as dedicated variants that focus on a single vulnerability and its subtleties. Some examples are:
- OWASP WebGoat
- Cyclone Transfers
- Butterfly Security Project
- Juice Shop
- Rails Goat
- bWAPP, DVWA (Damn Vulnerable Web Application) and WebGoat are the best for beginners.
- Intermediates can find the full list here.
5. Testing Real Targets: After you are thorough with your basics and have a decent level of skill, you can start doing the actual hunting on real websites. A lot of websites run bug bounty programs for their web assets. Some big names are:
These companies reward generously, but finding a security bug on any of their assets is highly difficult due to tough competition. You must remember that the top bug bounty hunters of the world are testing these websites along with you. However, that doesn't mean you can't find something at all. To get a good list of companies that run bug bounty programs, see:
6. Staying Current on Latest Vulnerabilities: For this you can follow elite researchers and learn from their work. You can also read disclosed reports on bug bounty platforms like HackerOne. Some recommended researchers are: