How to start in bug bounty?

Hello,
I am new here and I don’t have a background in this field.
So to start, should I learn the basics of some languages first, such as HTML, CSS, JS, PHP and SQL,
or can I get into it by just reading some books like “web app handbook” and trying to do CTFs?

1 Like

I would recommend that you start with Web Hacking 101 by Peter, then do the OWASP Top 10, and along with this practice what you learn on vulnerable labs like bWAPP, DVWA, etc. Read H1 public disclosures, follow other peeps on Twitter, and read blogs and write-ups.
Learning programming or having a computer background is not necessary to get started, you just need to be curious and passionate about this field.

7 Likes

I just learned some basics of HTML.

I am trying CTFs but it is difficult.

I read some basics about networking.

I have “web app handbook”.

But I don’t have a roadmap.

Check this thread out for resources and roadmap.

1 Like

Last question, sorry,
but I feel so confused.
Is it necessary to learn HTML, CSS, PHP, SQL and JS first?
Or can I read the book?
Thank you so much.

You can ask as many questions as you want; we are all here to help.
There is no need to burden yourself with programming yet. You don’t have a computer background, so first try to understand the basics of networking, how the internet works, how the web works, HTTP, servers, clients, etc. And spend most of your time learning about bugs, and also practice what you learn on vulnerable labs. CTF (where you have to find a flag using tools) is good, but it’s different from real-world applications. You can play the Hacker101 CTF, as those are good and all those CTFs have web-based vulnerabilities.
And you can join Bugcrowd’s Discord channel to ask these types of questions and get quick answers.

3 Likes

How do I join the Bugcrowd Discord channel?

1 Like
1 Like

@mhmd-mhdn
This might help
https://medium.com/@sankethsharath/my-baby-steps-towards-bug-bounty-hunting-an-exciting-yet-arduous-journey-f92ca12eb039

I am new too, but I like the idea of using new exploits on bug bounties. I have read that the public bug bounties have much of the low-hanging fruit taken. So, I read up on the top exploits of the year, such as the PortSwigger top 10 hacking techniques.

Hi, I am also a beginner in bug bounty, i.e. I just signed up. I am very enthusiastic about working around secure systems, but I would appreciate knowing where I should start from.