I see many references to particular programming languages when I look over bug bounty materials and tutorials. I understand that one doesn’t have to master any particular language to get started in hunting for bugs, but it seems that familiarity with programming concepts and logic is important (as well as being able to read some code). With that said, what are the top 3 languages that would be most helpful to understand well to make strides towards becoming a better bug hunter?
Sorry, you asked for top 3, but it’s difficult to make a top 3 list for me at least.
Anyway, there are a lot of hunters who can’t write code or understand it and find a lot of bugs. I guess it’s because when participating in bug bounty programs you are not provided with the application source code.
So, it’s not a requirement to learn programming languages. If you do it, you may have an advantage.
@stefanofinding Thanks for responding. What about SQL? Or any of the numerous server-side languages? I’m asking because I find many attack code examples. They say, “Just type this in and see if it works.” But very few explain what exactly is going on. I really don’t want to be the guy that just fires off some exploit hoping that it will work. I want to understand what’s going on behind the scenes.
@vectorNull You are welcome. All the languages I mentioned are server-side languages. I never considered SQL a programming language, but it seems to be categorized that way . SQL is useful too. Also, learning about Mongodb and things like that could be useful too.
I like that approach, that’s what I like to do too.