 |
| (c). betanews.com |
What Is Bug Bounty Hunting?
Bug bounty hunting is being paid to find vulnerabilities in software, websites, and web applications. The security teams at major companies don't have enough time or manpower to squash all the bugs they have, so they reach out to private contractors for help. Basically, you use your tools to break things (or break into things), write up a vulnerability report to the company who's issued the bounty, then get paid. Some hackers make tens of thousands of dollars a year on the side just hunting bugs.
To do it, however, you'll need to at least know some basic coding and computer skills. Fortunately, we've got tons of great resources to help get you started, and coding is pretty easy to teach yourself. That said, if you have no idea what any of this stuff means as you read on, bug bounty hunting probably isn't for you.
Do Some Research and Get Your Tools
Once you've got a grip on basic coding, you need to take a deep dive into web applications and how they work. Lucky for you, there's tons of great resources out there that can point you in the right direction. Start by reading:
- The Web Application Hacker's Handbook ($30)
- OWASP Testing Guide v4
- Kali Linux (free)
- Burp Suite ($349 a year, but very popular)
- OWASP Zap (free alternative to Burp Suite)
