As I am starting my bug bounty journey (on April 1), I searched the internet for: How do I get started in bug bounty? In this write-up, I will list technical resources. I do not think finding resources has ever been the real problem. Most of us have internet access, but we are often lazy and lack consistency.
Technical Resources
In order to learn about all the vulnerabilities that one could find, there are several key resources:
Books:
- Web Hacking 101 by Pete Yaworski
- Bug Bounty Bootcamp by Vickie Li
- The Web Application Hacker’s Handbook by Dafydd Stuttard and Marcus Pinto (MUST)
- For additional books, check out this repository
Online Resources:
- PortSwigger Academy (MUST)
- Hacker101
- BugCrowd University
- Bug Bounty Forum Resources
- Reading every single blog that has ever existed on Bug Bounty
- Follow the right people on Twitter
If you read the above, then you will 100% have the knowledge to find vulnerabilities. Now all you need is persistence, consistency and quite a bit of time and you’ll be writing some reports in no time!