Getting Started With Bug Bounty!


How to get started in bug bounty is a common question nowadays. If you think you will become successful overnight, or within a week or a month, this is not a field you should join. Bug bounty hunting is very competitive; it might take at least a year to do well in it.

“Do not expect someone will spoon feed you everything”.

Well, I'm not an experienced hunter; I'm also a beginner in this field. My main motive for this blog is to share my learning path.

You should have a basic understanding of how things work on the internet, and there are still many more things to learn. I'm listing a few important topics below:

  • HTTP -- TCP/IP Model
  • Linux -- CLI
  • Web Application Technologies
  • Networking Basics
  • Basics of HTML, PHP, JavaScript, SQL

The list never ends; it all depends on your interest.

Choosing a path in the bug bounty field is very important. It depends entirely on the person's interest, but I prefer web application security testing because, in my view, it is the easiest one.

1. Web Application Security Testing

2. Mobile Application Security Testing (Android/iOS)

But you are not limited to these two; it depends entirely on your interest.

Bug Bounty Platforms:

  1. Bugcrowd
  2. HackerOne
  3. Intigriti
  4. Synack
  5. Safehats

Resources:

Books:

>Web Application Hacker’s Handbook

>Web Hacking 101

>The Hacker Playbook 1, 2, and 3

>The Mobile Application Hacker's Handbook

>Mastering Modern Web Penetration Testing

In addition to these books, I suggest you read and understand the OWASP Testing Guide and the OWASP Top 10 vulnerabilities.

YouTube Channels:

LiveOverflow

NahamSec

Farah Hawa

PortSwigger

Bug Bounty Public Disclosure

The Cyber Mentor

Stök Fredrik

Blogs/Write-ups You Should Follow:

Bugcrowd Blog

Bug Hunting Medium

Pentester Land

HackerOne Blog

Twitter hashtags you should follow:






Bug Bounty Tools you should Master:

Burp Suite

OpenVAS




John the Ripper



There are many more tools, but these are the most commonly used ones.

Labs To Practice Legally:

PortSwigger Labs

Damn Vulnerable Web Application

WebGoat


“Start learning and keep Hunting!”

