Researcher Resources - How to become a Bug Bounty Hunter

Sure @samhouston. Here is the link from packtpub:

1 Like

Thank you samhouston for the introduction. I want to try this new activity

thank you for this thread. I find this very useful as im completely new to this field

In Step 5, the link How to write a Great Vulnerability Report redirects to the blog.

The actual link should be:
Guest Blog: Geekspeed’s Advice for Writing a Great Vulnerability Report


Very Informative, Sam explained everything. It’ll be very helpful who are new in this field.

can any one please tell me what kind of bug is this and how to report about this bug please elaborate asp.
1 Like

Here is the issue of rate limit in making projects.

1 Like

To become someone like this, you should get more language knowledge to make you acceable in more countries and places. If you do agree, you might start with Russian like

Hi:] Im new. I’m looking for some new friends or a mentor.
That would be awesome.

Such a great resource. I`m at a right place to learn and share my knowledge.

Adrian Gates
Tech Consultant - CloudDesktopOnline

1 Like

csrf (bug) you can google it for better understanding.

1 Like

Is there any references for API Security research.

@TINU-2000 - Yep! Here are a few from our forum:


Thanks a million @samhouston for this wonderful Guideway!!!

1 Like


I am a beginner here.

I have a question about viewing reports with links in them.

Do you have to open a new window to browse safely or a whole new computer to take the beatings?

i did not understand your question? you are talking about hackerone publicaly disclosed reports and links within them? if you are talking about links within them then there is no need to worry about opening those links (if you’re aware of phishing and stuff) but look out before downloading anything from those links.


Yes. I found this caution at hackerone.

If I wanted to download anything from those links, would you recommend using a virtual machine?

Hello @KJT88, for example, you’re reading a report and there is a link that is external to Hackerone? If this is the case, Hackerone warns of the redirect in case of phishing. It’s just like every other link, i.e., if you don’t trust it, don’t follow it. Many of the links are to external blogs or other resources where the hacker has written a report outside of Hackerone as well. Generally, they are safe; however, complacency kills :wink:



Yes. I would like to err on the side of caution but I guess I should do a bit more research before taking the plunge.

Only thing that stops me is possible malware or viruses.

I heard you can just open a new account in windows (I have windows :slightly_smiling_face:), and use a firefox browser.

But I guess worse case may be just corrupting data on a browser, as I’ve heard.