If you’re looking to become a bug bounty hunter, then this is the most comprehensive guide on how to become a bug bounty hunter specially created for beginners.
The term ‘Hacking’ is considered derogatory but not ethical hacking, where finding the vulnerabilities and weaknesses in applications before cybercriminals do is a huge in-demand job opportunity. If you’re interested in learning ethical hacking, here’s the list of the best ethical hacking learning websites.
As per BBC’s article, bug bounty hunters can receive a bounty of more than $350,000 (£250,000) a year. You can even earn around $1,000,000 in the year in total if you’re enrolled in certain bug bounty programs.
All this seems lucrative, right? The answer is YES, IT IS!
But when it comes to becoming a successful finder of vulnerabilities, you may have several questions and dozens of questions like What are the requirements, how much time it will take, and many more.
No worries, I got your back. The short answer is dedication and persistence and you’re good to go. For a detailed answer, read this article till the end. 😀
You should only step into this field when you are genuinely interested, otherwise, you will soon be disappointed. It’s not a scheme to make some quick bucks.
On the other hand, if you have a genuine interest to learn and a passion to work hard then it’s one of the most lucrative and hot career options in the technology industry.
How to Become a Bug Bounty Hunter?
First of all, it doesn’t matter, if you’re not from the computer science field you can always learn and start from square one.
So, if you’re willing to learn how to become a bug bounty hunter, you’ll enjoy the actionable steps in this definitive guide.
Without any further ado, let’s dive right into the step-by-step process.
What is bug bounty hunting?
As you may already know all websites, programs, software, and applications are created by writing code using various programming languages.
But sometimes things go blue, and the applications behave differently from their intended behavior.
The term, ‘bug bounty hunting‘ means finding technical errors in the coding scripts that can compromise the security of any application, validating and reporting the error to the concerned authority, and in return, you get a reward in monetary terms and recognition for your work.
What should I learn for a bug bounty?
This is the most important step, if you are not from a computer science background, then first you must clear the basics.
Many people fail to become successful bug bounty hunters since they overlook the basics of computer science.
Here’s what you should learn for a bug bounty:
1. Computer Fundamentals
In computer fundamentals, you need to learn about input-output systems, processing, components, data, and information.
2. Internet (HTTP)
You need to understand the workings of the entire HTTP protocol in depth. Focus on how exactly the internet functions, how connections are made, how websites are connected to the internet, and how can we visit them.
3. Computer Networking (TCP/IP)
In computer networking, you need to study TCP and IP protocols, OSI Layers, how IP addresses are formed, how all the ports are formed, etc. For a complete syllabus, you can even search online for the Computer Science 6th semester syllabus and go through it to learn more.
4. Command Line Interface (shell)
You should have good hands-on practice with the command-line interface. Command-line is the terminal or in Microsoft Windows OS, it’s commonly known as the command prompt or cmd. You need to learn things such as how to directly connect the kernel with the system.
5. Operating Systems (Linux, Windows)
You need to master the Linux operating system. In Linux, it’s mainly Kali Linux, which offers a wide range of pre-installed tools used for hacking, pen-testing, and bug hunting.
6. Web Technologies (HTML, JS, PHP)
Learning about web technologies is mandatory if you’re willing to perform bug hunting on web applications and websites. First of all, begin with basic HTML knowledge, then you should move on to studying Javascript, it’s very important for the front end of the web application.
And for the backend, you need to learn PHP, Java, and ASP.NET but you need not master these, just decent knowledge is more than enough.
7. Master at least 1 Programming Language
You do not have to do coding as a bug bounty hunter, but it’ll help you to read the developer’s mind. And for that, you can choose any language, like Python, Ruby, Perl, etc. But I’d recommend you should master Python since it’s easier and has vast applicability. Here’s the list of the easiest programming languages to learn.
How to Study to Become a Bounty Hunter?
The next section is about resources from where you should learn all the pre-requisite basics and knowledge. I would recommend you should start learning from books since they are an unbeatable source of knowledge.
Best and Credible Books
There are some very important books, you need to begin with. I would highly recommend first you start with a book for computer fundamentals, then move on to computer networking and the internet.
Further, you should move on to hacking books. There are some highly popular hacking books and the 7 best are as follows:
1. Web Application Hacker’s Handbook: This is a very popular book for hacking, here you will find all the attacks you can perform on a website in a descriptive and structured way. You will also find various practicals in this book.
2. Ethical Hacking 101: This book is primarily designed for advanced bug hunters.
3. The Hacker’s Playbook (1, 2, 3): There are 3 parts to this book and you can read them all.
4. Hacking: The Art of Exploitation: This is one of the masterpieces you will find on the planet for learning to hack.
5. OWASP Testing Guide: This book is best if you select a path of web pen-testing and bug bounty.
6. Mobile Application Hacker’s Handbook: This book is primarily for mobile pen testing and bug bounty.
YouTube Channels
There are various good YouTube channels like Bugcrowd and Hackerone but YouTube doesn’t allow hacking practicals. But you can learn programming languages from YouTube channels like The New Boston, and Code Academy.
Writeups, Blogs, and Articles
You can grab as much free knowledge as you can get from articles and blogs. I have listed the best and most credible blogs and article sources to learn how to become a bug bounty hunter and get high-quality knowledge of this field.
1. Medium Infosec: The InfoSec section of the website Medium is a good start. There you will find public reports of people who have already found bugs. You’ll learn how successful bug bounty hunters got bugs including the methodology used, what steps they took to find a bug, and how they reported that bug to the concerned company to get the bounty reward.
2. HackerOne Public Reports: The second good source is from the crowdsourced bounty platform for bug hunting – HackerOne. By reading them you will gain a tremendous amount of knowledge on what should be your approach to find a vulnerability and then how to report a bug.
3. Reddit Forums: Another credible source of online free knowledge. One such good forum is Reddit/r/netsec.
4. DEFCON Conference Videos: You can also follow conference videos of DEFCON that you can find on YouTube, where the advanced hackers visit the conference and share their high-level advanced knowledge.
5. Github and Github pages: Github is a community of hackers, developers, and computer programmers who share their knowledge with the world.
Bug Bounty Hunting for Beginners
Assuming you gained the required knowledge, now the next step is practice. Everything you have studied will go down the drain if you do not practice on your own. Practice is what makes a difference between a beginner and an expert. Therefore practice is the key, for practice, you can do it online as well as offline.
There are numerous websites for online practice, and games such as You Can play capture the Flags (CTFs) – these are intentionally vulnerable applications where a flag is hidden inside the root and you need to identify the vulnerability and exploit it, and then you have to capture that flag.
For online practice, there are CTF365, Hack The Box, and SecArmy. You can even purchase testing labs online. For offline practice, you can download Vulnerable machines that you can install on your PC with the help of VMWare, and then practice on that. There are some other applications such as DVWA, bWAPP, and Webgoat for offline practice.
Tools For Bug Bounty Hunting
You need to master the tools and make these tools work in your favor.
It’s an art to work on these tools before you can learn how to become a bug bounty hunter.
One of the best tools is Burpsuite.
This is not just a tool rather it’s an entire framework or suite where there are several tools. You have to master Burpsuite, and once you do it will skyrocket your entire career and improve your ethical hacking skills as well.
Now there are other tools as well like Nmap, Dirbuster, Sublist3r, Netcat, etc, that will help you to become a professional ethical hacker as well.
If you are using Kali Linux, then it’s a great advantage for you since you’ll find all these tools pre-installed on it.
Bug Bounty Hunting Getting Started
Now once you have mastered these skills and have confidence, you are all set to go bug hunting.
But where should you go and how should you go?
There are two options – either you can go onto a company’s website and search whether there is any bug bounty program and if so then check their policies and enroll in it.
But apart from the individual website, there are some crowdsourcing bug bounty platforms are also available. Two popular names are Bugcrowd and Hackerone.
Now here the second option is more viable if you are a beginner since it saves time and provides various options all in one place.
These platforms connect security researchers with the companies that have created their applications.
There are other platforms as well like Antihack, Zerocopter, Synack, etc.
Step 1: Choosing a Suitable Platform
Now the next step is deciding on a suitable platform for your first bug hunting. Since you are a fresher in this field, therefore you need to follow a different methodology to find bug bounty platforms.
You need to choose your platform. To do so, you should find those platforms that are less crowded and less competitive.
And these platforms are the ones that don’t offer monetary benefits rather they provide recognition, points, and reputations only and not exactly bounty.
When you are just starting, you should not run for the money, instead, you need to focus on experience, reputation points, and hall of fame.
Step 2: Choosing a Bug to Work on
Once you select a decent platform for bug hunting and decide on a particular website or application to find bugs, now the next step is to decide what type of bug you will find, whether it’s cross-site scripting, injection, or any other.
You need to work systematically by focusing on one type of bug at a time.
Now once you select one specific type of bug, you need to do an exhaustive search and apply all the knowledge to find the specific type of bug.
Finding a bug will not be straightforward, and even in case if you find something easily report it. There are huge chances that it has already been reported and then you will get a duplicate flag and will not receive the bounty.
Step 3: How to Create Reports, Responsible Disclosure
Let’s say you found a bug, but there is a proper way of reporting a bug to the company. Here you need to escalate the bug while reporting and increase its severity.
All types of bugs have their severity levels and injection bugs have the highest severity.
To report a bug, first, you need to specify a location where you found a bug, then you have to mention how that bug can be reproduced. Further, you should specify all the steps you took to find that bug to the concerned company.
There is a term called Proof of Concept (POC) that validates whether you are genuine or not. For POC, you can make demonstration videos with the use of screenshots, to make solid proof.
You should also mention the impact of a bug on the usage of the whole application. Therefore you need to read the responsible disclosure policy for the particular bug bounty platform you are targeting.
Every company has its different responsible disclosure policies.
How to Get Started as a Bug Bounty Hunter?
There are a few important points to remember before you step into the field of a bug bounty hunter.
- You should not copy anyone and try to be as unique as you possibly can. You need to think outside the box.
- Avoid stepping into this field only for the sake of bug bounty.
- You should have some patience and passion.
- Focus on learning and expanding your skills since you can enter into other fields – ethical hacker, security researcher, and even developer.
- Always keep yourself updated with the technology fields especially data breach, vulnerability assessment, and information security.
FAQs
1. How much money do bug bounty hunters make?
You can earn $35000 to $50000 in a month. If you’re enrolled in certain bug bounty programs, your total earnings can be over $1000,000 for a year.
2. Is bug bounty hunting worth it?
This profession is worth it, with the rapid changes in the digitalization era, where every day 6.85 million+ accounts get hacked. Companies are willing to offer a huge amount of money to bug bounty hunters who help to protect them from cyberspace criminals.
3. Is bug bounty hunting legal?
Bug bounty hunting is legal in India, the US, the UK, and many more countries. You can get into the world of a bug bounty without any hesitation.
End Note
I hope this beginner’s guide on how to become a bug bounty hunter serves its purpose. If you have any doubts or suggestions regarding the topic, feel free to comment below.
Further reading: Jobs and Careers in Cyber Security