Hey fellow researchers, I got into and have been reading up and training in web app hacking for at least a year now (in my free time), with some hands-on bug bounty hunting in some public programs in the last 3 months. In fact, I did some poking around last year itself, but realized I needed more reading and training.
Having said that, I would appreciate some advice on how to approach public programs as a beginner.
I would like to spend more time on programs that offer bounties. After all, bug hunting can be tedious and frustrating.
Most public programs have so many reports submitted and reports resolved already; moreover, they also become quite robust in security. Your valuable advice on how, maybe, such programs can be approached? As in, let’s say, I am testing a program that already has many issues resolved. Would it be okay if I nevertheless tested it in a robust manner, right from sign-up, password reset, session management and so on? I know I am being sort of “not specific” here, but I feel lost many a time while testing public programs. Advice would be greatly appreciated.
Well, obviously there’s more competition on public bug bounty programs. With that said, there’s still plenty of bugs to be found on public programs. Just imagine how many people are targeting Google apps these days, and STILL new high-impact bugs are being found. If you approach a target thinking that all the good bugs have been found by others, you’ll likely not find anything.
I’d recommend finding 2 or 3 programs that you find interesting and invest a lot of time in those. That way, your research will not be “wasted” if you don’t discover any report-worthy bugs, because you learned something about the application.
Also, enumeration is key. You should try to find programs where all subdomains are in-scope and enumerate subdomains. They are usually not as well-tested as the main applications.
If you’re looking for suggestions, I can recommend the Upwork and Magic Leap programs.
Thank you so much for the advice, Waike! Appreciate the reply. I would absolutely agree with you, mindset is important while hunting for bugs.
What you said makes sense. All this while, I should say, I have been jumping programs. And thanks so much for the program suggestions, would check them out.
Thanks once again, for this advice. Gives me motivation and the grit to keep grinding. Cheers!
I’m moving into infosec from Software QA/testing, and one thing I can tell you after a great number of years in testing is ‘fresh eyes find bugs’. Always. If you are observant, if you think to try things others may not have, especially without pre-conceived notions of how things work, you’ll find stuff.