Total noob (non-techie)! Starting a career in bug hunting!


#1

Hey ppl! I am a non-techie and have developed a special interest in web app security. I have been catching up with a lot of stuff for the last two months, reading all the recommended books (Web App Hacker's Handbook, OWASP Testing Guide, Web Hacking 101, etc.) and resources. Coming from a non-technical background and reading all this material has been an overwhelming experience, but I am not giving up, am working hard and my goal is to start a career in bug bounty hunting! The Bugcrowd community and the hacker community in general are fantastic, with so many people offering help and advice for noobs like me. Hopefully I could leverage the Bugcrowd community to start bug bounty hunting soon.
My question is, could I actually start bug hunting (after some more reading and getting some basics right in probably a few more months) while simultaneously reading and learning? Or would it be too early to start (considering I come from a non-technical background)? I know this is quite a generic question, but I could do with some good advice and motivation. Thanks!


#2

Hello there! I am new here as well and my experience is limited to my home lab and my studies in grad school. I would love to stay in touch to see how you are progressing and to bounce and research ideas off each other. Welcome and good luck!


#3

Hi docsan and welcome!
Just my opinion below.
I think you can start bug hunting already, once you’ve read all those resources, you will be able to find some stuff. It might take some time at first, but practicing along with the theory usually helps “get” things faster.
Other than that, and if you have the time, try to spend some of the time learning new techniques (bug bounty writeups, CTF writeups, etc), so you don’t get stuck reporting the same types of vulnerabilities all the time, with no progress.
Wish you good luck!


#4

Hi mongo,
Thanks very much for the reply. Really appreciate it. I think it's a nice approach to bug bounty, where you say we could actually start hunting while learning (of course, like you said, we might not end up finding much initially, but that’s ok 🙂). Yes, I think I should spend more time reading bug bounty writeups, something I have not done much.
I would like to ask another question, mongo. Do you think, apart from practicing in virtual labs, sites like “hackthissite”, “hellboundhackers” or “overthewire” would actually help build skills? I mean, skills that would actually help in real-life bug hunting scenarios? Thanks very much once again.


#5

Hi Coyote52!
Thanks for replying. Yes, I think that would be great! We could keep in touch, discuss and help each other out. Good luck to you too.

