@cybercat actually, its about experiences. After a while, you will realize some potential vulnerabilities and tell yourself: “Oh, I think that here is vulnerable”, and you will see that its really vulnerabile after check. I exactly recommend you to solve vulnerable apps and try to fix those vulnerabilities in current programming language (for example PHP).
See the unseen. 
Since we are learning new skills, if some one wanna learn Hacking using their android phone then they should checkout this site https://www.learntermux.tech/2020/01/What-is-termux-termux-apk-download-for-android-2020.html
You can learn complete hacking with this site.
@HE5150 Its nearly the end of 2020. Did you manage to find a bug like you had initially hoped to achieve by the end of the year?
@HE5150 Hey brother, i came across your post today and I am intermediate in network pentesting and more than a beginner in web pentesting. I read that you don’t want to pay for the penterster lab pro instead of that check our this website https://portswigger.net (PortSwigger) they are the maker of BurpSuite and have free academy to learn all of the OWASP Top 10 and many more things and my second suggestion would be to learn SQL , python and javascript because they can help reach the sky .
Hello Everyone!
I just started hunting for bug today, wish me well guys!
I’m new here, and this thread is the first I accessed. Thanks for sharing these links. Very useful for beginners like myself.
Hey everyone. Long time update to my “from scratch thread”.
Well I totally got side tracked with my goal of getting into bug bounties in 2020. While researching bugs I fell in love with security in general. I got my Comptia A+, Network +, and Security +, and I’m in a bachelors degree program for cyber operations. I’ve also been doing a lot of CTFs on Tryhackme.com(Highly recommend!!), hack the box, and been learning Python.
So this goal of just finding a bug has turned into a career change for me lol!
I still have the goal of exploring bug bounties. I’ve purchased nahamsecs new guide and Xss rats. I’ve recently finished my security + and have more free time so my plan is to do these courses and then just start.
The biggest thing I’ve learned for anyone that’s a beginner is to not get stuck in a “learning loop” which I’ve kind of done. Try to learn something new, apply it, try looking for vulns. Then learn something new, then apply it. I’ve been stuck in an endless loop of just learning things lately
Oh and if anyone is wondering this is HE5150 I just changed my name
Hello Bro, I am beginner without CS background. Can you tell me what resources you used?
My favourite resource so far Intro to Bug Bounty Hunting and Web Application Hacking | Udemy