Hey fellow researchers, I got into and have been reading up and training in web app hacking for at least a year now (in my free time), with some hands-on bug bounty hunting in some public programs in the last 3 months. In fact, I did some poking around last year itself, but realized I needed more reading and training.
Having said that, I would appreciate some advice on how to approach public programs as a beginner.
I would like to spend more time on programs that offer bounties. After all, bug hunting can be tedious and frustrating.
Most public programs have so many reports submitted and reports resolved already; moreover, they also become quite robust in security. Your valuable advice on how, maybe, such programs can be approached? As in, let's say, I am testing a program that already has many issues resolved. Would it be okay if I, nevertheless, tested it in a robust manner, right from sign up, password reset, session management and so on…?? I know I am being sort of "not specific" here, but I feel lost many a time while testing public programs. Advice would be greatly appreciated.
Well, obviously there's more competition on public bug bounty programs. With that said, there are still plenty of bugs to be found on public programs. Just imagine how many people are targeting Google apps these days, and STILL new high-impact bugs are being found. If you approach a target thinking that all the good bugs have been found by others, you'll likely not find anything.
I'd recommend finding 2 or 3 programs that you find interesting and investing a lot of time in those. That way, your research will not be "wasted" if you don't discover any report-worthy bugs, because you learned something about the application.
Also, enumeration is key. You should try to find programs where all subdomains are in-scope and enumerate subdomains. They are usually not as well-tested as the main applications.
If you're looking for suggestions, I can recommend the Upwork and Magic Leap programs.
Thank you so much for the advice, Waike! Appreciate the reply. I would absolutely agree with you, mindset is important while hunting for bugs.
What you said makes sense. All this while, I should say, I have been jumping programs. And thanks so much for the program suggestions, would check them out.
Thanks once again, for this advice. Gives me motivation and the grit to keep grinding. Cheers!
Docsan
I'm moving into infosec from Software QA/testing, and one thing I can tell you after a great number of years in testing is "fresh eyes find bugs". Always. If you are observant, if you think to try things others may not have, especially without pre-conceived notions of how things work, you'll find stuff.