Question about Computer Languages

I see many references to particular programming languages when I look over bug bounty materials and tutorials. I understand that one doesn’t have to master any particular language to get started in hunting for bugs, but it seems that familiarity with programming concepts and logic is important (as well as being able to read some code). With that said, what are the top 3 languages that would be most helpful to understand well to make strides towards becoming a better bug hunter?


Hi @vectorNull.

Usually, web applications use different languages. If you have to learn one language for web bug hunting, I will suggest Javascript, because all web applications rely on it for the client side code.
Based on what I have seen when testing, these languages may be useful to learn: Java (never spent enough time learning about it, but I see it in many applications), NodeJS/Javascript, Ruby/Ruby-On-Rails, Python/Django/Flask, .Net (never spent time learning about it and I’m not sure it’s called .Net, but I’m referring to extensions like .aspx, .asp, etc.), and Go.
Sorry, you asked for top 3, but it’s difficult to make a top 3 list for me at least.

Anyway, there are a lot of hunters who can’t write code or understand it and find a lot of bugs. I guess it’s because when participating in bug bounty programs you are not provided with the application source code.
So, it’s not a requirement to learn programming languages. If you do it, you may have an advantage.


@stefanofinding Thanks for responding. What about SQL? Or any of the numerous server-side languages? I’m asking because I find many attack code examples. They say, “Just type this in and see if it works.” But very few explain what exactly is going on. I really don’t want to be the guy that just fires off some exploit hoping that it will work. I want to understand what’s going on behind the scenes.

1 Like

@vectorNull You are welcome. All the languages I mentioned are server-side languages. I never considered SQL a programming language, but it seems to be categorized that way :sweat_smile:. SQL is useful too. Also, learning about Mongodb and things like that could be useful too.
I like that approach, that’s what I like to do too.

1 Like

A bug hunter program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. The top languages are Python, IoT, Javascript, NodeJS, Net, Angular Js, PHP, etc. There are a lot of hunters who can’t write code or understand it and find a lot of bugs.