Getting started with application bug/vulnerability hunting

How can I get started with application bug/vulnerability hunting? What are the necessary things that need to be done?

Hello, that is an excellent question. I will cover how to get started in bug bounty programs first.

  • Firstly, have a solid understanding of how the web works (HTTP requests and responses).

  • Secondly, read some of the essential books that will give you an overview of what is important. I recommend the following books: OWASP Testing Guide v4, The Web Application Hacker's Handbook, Web Hacking 101.

  • Now you need to get your hands dirty and start practicing what you have learned. You can try using intentionally vulnerable VMs and web apps like OWASP Juice Shop and DVWA. The goal is to understand what each web-based vulnerability is, how it affects a web page and how it can be exploited.

  • I also recommend reading PoCs and write-ups by other bug bounty hunters. The goal is to understand their technique and methodology for finding and exploiting a particular vulnerability.

  • You can now begin entering programs. I recommend starting with programs that do not offer any money. These programs are not very popular, but they can be used to your advantage: you can use them to develop your skills and form your own methodology.

This is pretty much the basis for getting started; everything else will gradually take its place after this. Remember to keep it simple.

3 Likes

Excellent answer to my question. It covered all the points needed to go from zero to hero. Thanks.