What is Bug Bounty? How to Start Bug Bounty

DataInfoSec

·

Follow

3 min read

·

Nov 14, 2020

--

Listen

Share

What is bug bounty hunting?

1. Bug bounty hunting is a part of offensive security to attack websites,hardwares,softwares and newly developing technologies to find vulnerabilities in that technologies.It is the one way to earn money by your hacking skills
2. Learn by doing-Bug bounty is a best way to train your knowledge what you are studied as theory in ethical hacking.

Who is bug bounty hunters?

1. Bug bounty hunters are self trained persons who are mostly interested in self learning to gain more knowledge and keep updated in these daily developing technolgies.
2. They highly knowledgble to hunt bugs in more secure systems.
3. A bug bounty hunter is an individual who knows the nuts and bolts of cybersecurity

HOW TO BECOME BUG BOUNTY HUNTER?

1. Before jumping right into covering how you can get started as a bug bounty hunter, having a cybersecurity background or a significant knowledge of vulnerability assessment will be helpful
2. However, it is not mandatory to be well-versed cybersecurity ,there are many high-earning bug bounty hunters who are self-taught.
3. Self-learning is the best practice to learn more knowledge about many things not only for bug bounty and also to learn many things

Basic knowledge:(Learn basics from what you are looking for):

1. Before starting bug bounty hunting you must upgrade your skill as much as possible.
2. Skills are varied what you are choosing in bug bounty
3. If you choosing bug hunting in web applications you must know all about web applications
4. If you choosing hardware testing you must know all about hardwares in computers.

Books to learn about web applications:

1. Web Hacking 101: How to Make Money Hacking Ethically
2. Owasp Top 10 methodologies
3. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws

The Indian Bug Bounty Industry

1. According to a report, bug hunting has proven to be 16 times more lucrative than a job as a software engineer. A May 2017 Hacker-Powered Security report indicated that white hat hackers in India got a whopping $1.8 million in bounties.
2. Facebook, on completing five years of its bug bounty programme in 2016, listed the top three countries based on the number of payouts of the bug bounty programme. India topped that list.
3. Over the years, bug bounty programs have gained tremendous popularity in India and today, these programs are not only rewarding security researchers but also creating an ecosystem of knowledge sharing.

The pros and cons of full-time bug hunting:

1. 1.Let’s not beat around the bush: the money is good if you’re good.“If someone actually works 40 hours a week and is really good, they can easily make 7 figures a year.
2. There is no upper limit on how much a dedicated, full- time bug hunter can earn in a year.
3. The most important advantage of working as a bug hunter under a platform like HackerOne is the possibility of working when we wants and as much (or little) as we wants.
4. There are cons, as well. “You don’t have a fixed salary, so some months can be worse than others. Social isolation can be an issue. Finally, you really need to know when to stop or change your working schedule to avoid potential burnouts.”
5. one of the most important advantages of reporting vulnerabilities via bug bounty platforms is the protection they offer (meaning: they make sure the bounties are run in a way that protects the researchers legally).