Ads Top

Bug Bounty Hunter, make thousands of dollars on the side hunting bugs

Are you a coder or white-hat hacker looking to make some money on the side? Bug bounty hunting might be the perfect gig for you.

What Is Bug Bounty Hunting?

Bug bounty hunting is being paid to find vulnerabilities in software, websites, and web applications. The security teams at major companies don't have enough time or manpower to squash all the bugs they have, so they reach out to private contractors for help. Basically, you use your tools to break things (or break into things), write up a vulnerability report to the company who's issued the bounty, then get paid. Some hackers make tens of thousands of dollars a year on the side just hunting bugs.

To do it, however, you'll need to at least know some basic coding and computer skills. Fortunately, we've got tons of great resources to help get you started, and coding is pretty easy to teach yourself. That said, if you have no idea what any of this stuff means as you read on, bug bounty hunting probably isn't for you.

Do Some Research and Get Your Tools

Once you've got a grip on basic coding, you need to take a deep dive into web applications and how they work. Lucky for you, there's tons of great resources out there that can point you in the right direction. Start by reading:

  • The Web Application Hacker's Handbook ($30)
  • OWASP Testing Guide v4
Then get the right tools. You'll need:
  • Kali Linux (free)
  • Burp Suite ($349 a year, but very popular)
  • OWASP Zap (free alternative to Burp Suite)
Then check out the OWASP WebGoat lab, where you can practice finding bugs and vulnerabilities in web applications, and take a look at the Google Bughunter University as well. They have lots of great information bug hunting and how to write solid vulnerability reports that will get you paid. Sites like Bugcrowd and HackerOne can help with that aspect as well. (Patrick Allan/

No comments:

Powered by Blogger.