Researcher Resources - Getting Started

This is a list of resources that can be helpful to researchers that are just getting started, or those that want to improve some core aspects of their research and reporting. Please let us know if you have any suggestions for resources that we should add to this post!

General Reading:

• How to become a Bug Bounty Hunter
• How to Write a POC
• Bug Bounties 101
• Bug Bounty 101
• Verify the output of the tools
• Tips for Successful Bug Submissions

Web Application:

• OWASP Testing Project
• WASC
• How to Kick Start in Bug Bounty

Mobile Application:

• iOS Application Security Testing Cheat Sheet

Books:

Pentesting:

• Red Team Field Manual
• The Hacker Playbook

Web:

• Web App Hacker’s Handbook
• The Tangled Web: A Guide to Securing Modern Web Applications
• The Grey Hat Hackers Handbook - 4th Edition -

“@maK - Full of good tips and covers a lot more than just web-related security, so this recommendation is possibly aimed at those who are more advanced than beginner. Requires a programming background really.”

Mobile:

• Mobile Hackers Handbook
• Android Hacker’s Handbook
• Android Security Internals
• iOS Hacker’s Handbook
• Learning Pentesting for Android Devices

The Grey Hat Hackers Handbook - 4th Edition is great and covers lots of things well.

Full of good tips and covers a lot more than just web-related security, so this recommendation is possibly aimed at those who are more advanced than beginner. Requires a programming background really.

Thanks, @maK! I’ve added it

A post was split to a new topic: Help with Setting up proxy

A post was split to a new topic: Help getting started

Hi,

I created a free Burp Suite video tutorial. I think it is perfect for people starting web hacking, or just need a good intercepting proxy. You can find it here:

http://hackademy.aetherlab.net

Best,
Geri

Is there any Free Books, or Free Tutorials for the new Ones Like me. To learn New Stuffs of Bug Crowd.
Please share me some Links

Hi Mohammed - this page should be helpful to you:

Thanks for your Help Samhouston

Hey I’m new to basically everything when it comes to hacking.Is It possible to go from no computer experience to a professional hacker? Right now I’m studying python and I intend to get the books mentioned above. Thx for any help.

Yes it is, just don’t get discouraged when you hit rough spots, like anything else set realistic goals for yourself. A good starting point is the OWASP Testing guide https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents and the OWASP Broken Web Apps virtual machine https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

Hi Gerion, if possible please provide tutorials for thick client application security testing

• I watched your videos on Burp Suite! I think it is suitable content for many aspiring Pen testers! Thank you!

Hi all,
My recommendation document for mobile penetration test is OWASP MSTG ( Mobile Security Testing Guide ). For more information visit the following link:

New to this bug bounty, how should i start and learn

Hi I am 16 years old and I want to get to hacking but my family says study the certificate is the thing that will make you money not hacking but I want to ask you can you make a living out of hacking or no

I’m new as well and only 18 but to be honest bounty hunting is all about what you put into it. Certification proves you passed a standardized test that had the information it needed. I only have an ITF certification which is the very basics to IT. You can know that information without a certification. That is how you get a job don’t think that you need a degree or certification it just proves to other people you know what you are doing.

Thanks Sam! If I know of a simple bug but important not related to Security / Vulnerability will I be able to report it and earn money for it? This is for Atlassian products.