bug hunting

In this post we will cover the core concepts of bug bounty hunting and how to become a bug bounty hunter in India, along with the scope and future of the field.

Before starting the journey, we explain what you should know as a bug hunter, the pros and cons, the future scope, the frustrating parts nobody talks about, and how you can stand out from the crowd of bug hunters.

Every bug hunter's goal is to find vulnerabilities in web and mobile applications, report them to the company and get paid for the report, but it rarely goes that smoothly. We have to work out what actually works today.

This post covers how to become a bug bounty hunter from scratch. If you are just starting your journey, it should help you stand out.

What Is Bug Bounty Hunting?

Bug bounty hunting, or bug hunting, is the practice of participating in vulnerability disclosure programs: finding security issues, mainly vulnerabilities in web applications, mobile applications and source code, reporting them to the program and receiving a reward.

Who Is A Bug Bounty Hunter?

A bug bounty hunter is someone skilled at security auditing of software who takes part in vulnerability disclosure programs and reports the flaws they find with a working proof of concept that demonstrates the security impact.

How to earn through bug bounty?

You may make a living from bug bounties, or you may never find a single valid vulnerability. If earning is your motivation nobody can stop you, but consider the following:

  • Bug hunting is not a get-rich-quick scheme
  • You have to learn to earn
  • Practice is needed
  • It takes time

Bug hunting is not a get-rich-quick scheme. You have to keep learning, and you need patience to test an application thoroughly. Yes, you earn by reporting a vulnerability to the company, but finding one in a public program is not easy at all, because competition there is always high.

Nowadays companies have internal security teams auditing their security and also allow external security researchers (bug hunters) to test their applications.

Average salary of bug hunters in India

Bug hunters are not salaried; income is reward-based and depends on the reports you submit. A low-severity vulnerability may earn a small bounty, while a high-impact one may earn a large reward. Typical rewards run from around $50 at the low end to $40,000 or more for the most critical findings.

Bounties also vary from company to company: some offer only a hall of fame entry or swag instead of money, and a company's size and financial strength shape the rewards it defines.

How to learn bug bounty

To learn bug bounty hunting, first clear the basics of computers and networking and get comfortable with Linux.

Most hackers start with web applications and later move on to mobile app pentesting and other areas.

Bug hunting is a long learning process: you have to keep up with newly published vulnerabilities, and even the OWASP Top 10 is revised from time to time.

As said, most bug hunters start with the web, and we also recommend starting your journey with web application pentesting.

These are the things you must know as a bug hunter:

  • Web application fundamentals
  • Learn OWASP
  • Practice on DVWA, BWAPP and Juice Shop
  • Complete PortSwigger's Web Security Academy
  • Keep reading writeups by other researchers
  • Read HackerOne Hacktivity regularly

Web Fundamentals

Learn how the internet works and how websites work: IP addresses, DNS, ports, name servers and hosting providers.

Get an overall picture of how a website works and how traffic flows from the browser to the server and back.
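The browser-to-server flow described above, shown at the level a bug hunter reads it in an intercepting proxy. This is an added example, not code from the original post: it builds a raw HTTP/1.1 request, parses a reply, and flags response headers a tester looks for. The hostname and the server reply are constructed for the demo; only the fetch function touches the network, and it is not needed to run the rest.

```python
# Added example, not from the original post: a browser-to-server HTTP
# exchange at the level a bug hunter reads it in an intercepting proxy.
# The hostname and the server reply below are constructed for the demo.
import socket

HOST = "example.test"  # assumed hostname for illustration, not a real target


def build_request(host, path="/", extra_headers=None):
    """Build a minimal HTTP/1.1 GET request.

    HTTP/1.1 requires the Host header; it is what a server uses to choose the
    virtual host when many sites share one IP address. Header lines end with
    CRLF and an empty line terminates the header block.
    """
    lines = ["GET %s HTTP/1.1" % path, "Host: %s" % host, "Connection: close"]
    for name, value in (extra_headers or {}).items():
        lines.append("%s: %s" % (name, value))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status code, headers, body).

    Header names are case-insensitive, so they are lower-cased for lookup;
    the body is cut to Content-Length when the server sends one.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return status, headers, body


def missing_security_headers(headers):
    """Headers a tester checks on every response. Absence is a finding only
    in context, but noting it is part of reading the traffic."""
    expected = (
        "strict-transport-security",
        "content-security-policy",
        "x-content-type-options",
        "x-frame-options",
    )
    return [name for name in expected if name not in headers]


def fetch(host, path="/", port=80):
    """Live version of the flow (not run offline): resolve the name with DNS,
    open a TCP connection to the port, send the request and read until the
    server closes the connection (we asked for Connection: close)."""
    family, socktype, proto, _, sockaddr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    with socket.socket(family, socktype, proto) as s:
        s.connect(sockaddr)
        s.sendall(build_request(host, path))
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


# Constructed sample reply, standing in for what a server would send back.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"\r\n"
    b"<html><body>hi</body></html>"
)

if __name__ == "__main__":
    print(build_request(HOST, "/login").decode())
    status, headers, body = parse_response(SAMPLE_RESPONSE)
    print(status, headers, body)
    print("missing:", missing_security_headers(headers))
```

The request bytes printed first are exactly what Burp or any proxy shows in its request pane, which is why learning the raw format pays off before learning the tools.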

Learn OWASP

The Open Web Application Security Project (OWASP) is a community-driven foundation that shares resources, articles and videos to improve software security. Through it you can learn the different types of vulnerabilities that exist in web applications and the best practices that prevent them.

Practice DVWA, BWAPP, Juice Shop Web applications

Damn Vulnerable Web App (DVWA) is a deliberately vulnerable PHP/MySQL web application with several security levels; you learn web security by exploring it and exploiting its vulnerabilities. BWAPP and Juice Shop are also deliberately vulnerable web applications that cover the OWASP Top 10.

Complete Web Security academy by Portswigger

PortSwigger offers free, legal vulnerable labs to improve your web exploitation skills, and you will learn a lot by solving them. If you get stuck, you can always refer to the community solutions and get back on track. A separate certification exam (the Burp Suite Certified Practitioner) is also available.

Keep Reading Writeups by other Researchers

Always read other researchers' writeups and proofs of concept; they often put a lot of effort into explaining the vulnerability and exploiting it in a unique way, and they share tips and experiences that make other bug hunters' journeys easier.

Read Hackerone hacktivity regularly

HackerOne is a bug bounty platform that connects researchers with companies. Its Hacktivity page shows disclosed reports submitted by hackers, explaining how they found the vulnerability and how a bad actor could take advantage of it. You will learn new things, and the bounties paid to researchers will keep you motivated.


Pro Tips

As a beginner, choosing a bug bounty program is confusing, and private invites are not easy to get. Look for programs with less competition, including VDPs (vulnerability disclosure programs) that never offer a bounty: valid reports there build the reputation that earns you invitations to private programs.


If you want to learn real-time bug hunting with live classes, Encoders pro will teach you how to become a bug hunter from scratch.

About Post Author

Indian Cyber Troops

Indian Cyber Troops works for the nation's wellness and security. We share new and unique things with you. Jai Hind, Jai Shri Ram.