Late Start - Where to begin?


#1

Hi Everyone,

There has been a ton of great content from Bugcrowd in regards to the Bug Hunter Methodology, as well as other documentation, etc. As someone who is late to the party in terms of Bug Bounties through this type of platform, how does one begin to build reputation/points when starting fresh? Obviously when I do private penetration tests, I’m not in competition with anyone else; however, with platforms like Bugcrowd, where should I be starting when there are already so many people looking at the same thing? Obviously I know low hanging fruit is a waste of time, but I also want to maximize my time and make sure I am not wasting it in places I shouldn’t. I’ve had a couple instances where I’ve spent hours on a particular piece of functionality to no avail. Then I finally find something worth reporting, and it was a duplicate. How does one who isn’t getting any private invites get to a place where he/she’s getting private invites? Any help would be greatly appreciated. Hopefully this makes sense. Thanks!

D


#2

Hi @Decoy,

Maybe someone from Bugcrowd or similar platforms can give you a better answer, but I think that the way to get invitations is not so much about the quantity but the quality of your reports (even duplicates). That’s been my experience at least.
I understand that it could be frustrating to find something and then it’s closed as duplicate, but that’s life in the bug bounty world :smiley:
Just keep looking for bugs, patiently, and ignore the “there are already so many people looking at the same thing”. Sometimes it is good to just focus on one program. And don’t be scared of public programs.

Best!


#3

I have a similar question. I just joined, where do I start? How do I get bug tasks that I can investigate - and do I understand right, we also get rewarded - i.e. get paid for it?

Can someone explain to me the process in short?