How to start in bug bounty?

i am new here
and i don’t have a background in this field
so to start, should i learn the basics of some languages first such as HTML CSS JS PHP SQL
or can i access to it with just read some books like “ web app handbook” and try to do CTF


I would recommend you to start with web hacking 101 by Peter, then do owasp10 and along with this practice what you learn on vulnerable labs like bwapp,dvwa etc, read h1 public disclosures, follow other peeps on twitter, read blogs and write ups.
Learning programming or having a computer background is not necessary to get started, you just need to be curious and passionate about this field.


i just learned some basic of html

i am trying to CTF but it is difficult

i read some basic about networking

i have “web app handbook”

but i dont have a roadmap

Check this thread out for resources and roadmap.

1 Like

last question sorry
but i feel so confused
it is necessary to learn HTML CSS PHP SQL JS
first ?
or can i read the book ?
thank-you so much

You can ask as many questions as you want , we all here to help.
There is no need to burden yourself with programming yet. You dont have computer background so first try to understand basics of networking, how internet works , how web works , http, servers , clients etc. And spend most of your time learning about bugs and also practice what you learn on vulnerable labs. Ctf (where you have to find a flag using tools) is good but its different from real world applications. You can play hacker101 ctf as those are good and all those ctf have web based vulnerabilities.
And you can join Bugcrowd’s discord channel to ask these type of questions with quick answers.


how do i join the Bugcrowd discord channel?

1 Like

This might help


I am new too but I like the idea of using new exploits on bug bounties. I have read that the public bug bounties have much of the low hanging fruit taken. So, I read up on the top exploits of the year such as portswigger top 10 hacking techniques


hi i am also a beginner to bug bounty. i.e:- i just signed up. i am very enthusiastic as to working around secure systems. but i would appreciate to know as to where i should start from?

Yes really instresting

Where you should start depends on where you’re at. If you’re completely new to hacking/programming/networking, I’d recommend starting with the third chapter of the Web Application Hacker’s Handbook. It covers a lot of the technologies you’ll see in the wild every day as a bug bounty hunter.

If you have experience with security, I’d recommend reading some (A LOT) writeups and published reports. They’ll give you a good idea of what you should look for.


hii guys who know ssrf best technic what programing language for againts node js i know avarage in php and python but node js framework is diffrent technology if u have advice please… your suggestion

Hi ,Im also new here …how do i start can anyone guide me.Im working in security analyst

I am new to cybersecurity. And going through a bugcrowd program I get stuck in this sentence

Please add the following User Agent during the course of your testing: UA-BugBounty

please give me some idea how to do this .
Thank you




why? u r not https ’ - ’


I am new here without any background on bug bounty. I tried to join some programs (Points Only), But most of the programs that I came across requires certain eligibility and the Join Program button is disabled.
How can I join a program as a beginner?

Bug Bounty is a work for finding error in entire software.