What is Bug Bounty Hunting and how to get started?

A long time ago, the invention of HTML, at a time when concepts such as TCP and DNS were already established, led to the invention of the Internet, where a famous or an infamous person was able to put his services online and sell them. Very soon after this invention, web pages were designed and put online. However, security was not given much thought. Even though some security implementations came soon after the content was put online, security was never considered properly. To put it simply, the Internet was built without any complete model of security. There may have been many reasons for this, but the chance of it being exploited was very high, and website developers and vendors both needed to design and re-design in order to reach a safer state, never to completely eradicate problems.

This is a very nice topic and a very important one. I often see people get it mixed up with other, separate topics, and often understand its meaning incompletely or incorrectly. So here is a brief on bug bounty in its deconstructed form.

As the Internet grew, new protocols, frameworks, languages, and other things added to its charm and its problems. With very wide usage, it became very functional for users, whose work was made much easier and more convenient, but it also made everyone a target of malicious intent, which grew as well. Without going into complicated details, since this is intended for beginners: naturally, with that kind of acceptance, a need to call on everyone around the world to help protect the content from misuse was realized. Websites soon announced such programs, which became famous under the term “Bug Bounty”. This is also known by other terms, like security research (since findings from new research about some new or old functionality were reported under the same bug bounty programs) and responsible disclosure. Bug Bounty eventually touched other surfaces and wasn’t limited to testing websites; it extended to other things as well, like software and hardware testing, car hacking, API hacking, etc.

People now have the opportunity to join BBPs (bug bounty programs) as customers or as researchers, with an equal share of the benefits. Some companies aimed to connect such people with each other, and platforms like BugCrowd and HackerOne took up this responsibility.

How to Get Started?

I think it is important to mention that there is no jumping directly into bug bounty. You can never start a successful journey to writing reports without understanding the basics first. Yes, you may follow a copy-paste approach by watching and following YouTube videos and other POC videos without actually knowing why anything is happening the way it is, but this won’t take you far; it is highly likely the copy-paste approach will completely fail at some point. So what is the way to go?

IMO, this is how you should proceed:

  1. Learn and understand the basics of Networking
  2. Learn the basics of the Internet and its working
  3. Learn how to design X before you try to break it.
  4. Break it.

The better way to learn this, in my recommendation, is to follow the basics and learn to build the functionality first before you go and try attacking it. To my mind, it is lame to watch some video and copy the exact steps in your own environment in an attempt to find the same security issue. This is because every website runs in a different room.

A website is developed by a developer, who writes his logic to do Y in coded form, and what hacking actually revolves around is thinking differently from the code’s logic and attempting to do something that the developer never thought of. Therefore, every time you face a website as a target, for instance, you are facing a developer’s unique or shared logic, which needs your own thinking and ideas; they call it:

THINKING OUTSIDE OF THE BOX

The first three items in the above to-do list will help massively when you learn exploitation in the last step. Some vulnerabilities are found to be common and appear frequently in websites, and OWASP names them the “top 10”. This is what your focus should be on after the basics are clear in your mind. After this, and only after, I suggest making an account on a Bug Bounty Platform like BugCrowd and starting to test what you have learned so far against real targets.
