How to become a bug bounty hunter?


Bug bounty hunters are people who report bugs: any sort of vulnerabilities, weaknesses or shortcomings in an organisation’s systems that could be exploited by black or grey hat hackers. In the recent past, companies re-evaluating their security systems have realised the importance of bug bounty hunters. Companies like Google, Quora, Facebook and Mozilla have come up with extensive bug bounty programs.

A bug bounty program is a deal offered by many websites, software developers and organisations wherein individuals are entitled to recognition and compensation in exchange for finding and fixing bugs in the former party’s system before they can be abused by someone for personal gain. Hunter and Ready initiated the first official bug bounty program in 1983 for their Versatile Real-time Executive operating system. The prize for finding and reporting a bug was a Volkswagen Beetle.



Books that can help you as a beginner


1. Ghost In The Wires: My Adventures as the World’s Most Wanted Hacker

This book by Kevin Mitnick gives you a first-hand account of how he went on the run for hacking into the systems of the biggest, most renowned companies in the world. It is a riveting, insightful story that will help you see bug bounty hunting as not only a profession but also a passion.

2. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition

Often termed the holy book of web application hacking, this book provides tactics to attack and defend web platforms by degrees. It teaches you how to hack specific types of technologies and remoting set-ups. The book’s text is paired with a bug bounty hunting website that helps learners put their theoretical knowledge into practice.



3. Web Hacking 101: How to Make Money Hacking Ethically

Developed by Peter Yaworski, this e-book has helped a plethora of white hat hackers earn compensation for reporting vulnerabilities in a company’s hardware and firmware, and helped save the company’s confidential data from black hat hackers. HackerOne provides this eBook for free. All you need to do is sign up or log into your HackerOne account and they’ll send you the eBook via mail!


Bug Bounty Training Courses


1. Web Security Academy

It is a free online training academy for web application security. The content has been gathered from various sources, including PortSwigger’s in-house research team, experienced academics, and its founder Dafydd Stuttard, author of The Web Application Hacker’s Handbook. The academy is constantly updated and thus promotes fathomless learning. Its website also provides several interactive labs where you can test your knowledge of topics such as:

  • Web cache poisoning
  • HTTP Host header attack
  • Cross-site request forgery (CSRF)
  • Cross-site scripting (XSS)
  • SQL injection 
  • XXE (XML External Entity) injection

2. Hacker101

HackerOne not only provides the Web Hacking 101 eBook but also offers the free Hacker101 course for individuals interested in learning the skill of hacking. This course encompasses a number of video lessons and guidelines to overcome challenges related to web security. One can join its Discord community and talk to hundreds of other learners as well.

3. SANS Cyber Security Skills Roadmap

The SANS foundation has developed an interactive roadmap for individuals to navigate their way through 60+ courses, starting from baseline skills and moving on to specialized skills in the field of cybersecurity. A PDF version of the roadmap can be obtained from the SANS website itself. You can also subscribe to its newsletter, which will keep you posted about current cybersecurity news as well as training opportunities.



Bug Bounty Websites


1. Google Gruyere

It is one of the most accessible and recommended bug bounty websites for beginners. This codelab is chock full of vulnerabilities for beginners to learn how to hack. The bugs commonly found here are cross-site scripting (XSS) and cross-site request forgery (XSRF) vulnerabilities. Another plus point of this codelab is that it is written in Python, so hackers can learn using both black box and white box testing.



2. HackThisSite

Active since 2003, it’s an innovative online virtual battlefield for ethical hacking, capture-the-flag challenges and programming expertise, with many ongoing projects and a community solely devoted to ethical hacking. Do join its Internet Relay Chat (IRC), Discord and various forums, where network security and ethical hacking are discussed with an immense amount of zeal.



3. Hack The Box

It is a massive online cybersecurity training program that helps students, cybersecurity employees and self-taught hackers up their game. Its Pro labs can be used for penetration testing, and on completing the Pro labs you can acquire an official certificate from Hack The Box for your cybersecurity skills.

– Aishwarya Ojha 
