My Bug Bounty Resources

Manan Patel
Jul 23, 2022

Hello Amazing People,

My name is Manan Patel, and I’m a Security Researcher from India (Gujarat). In this article, I’ll be sharing my bug bounty resources, which helped me a lot to grow and learn new things and different approaches.

I have been in this field for the past 3+ years now, and I’m gonna be sharing some tips on how I got started in this journey and which resources I have used from all over the internet.

1. Books

I’m gonna be recommending 3 books. Don’t worry, they’re gonna be very beginner-friendly and very easy to understand.

→The Web Application Hacker’s Handbook Edition-2 — You should consider this book as your GOD. It’s great and it explains the concept of every bug in detail, and it gives you examples of where to find those bugs in business web apps, e-commerce websites, etc. It also shows how you can exploit those bugs in detailed steps, so you understand it pretty easily.

→Real World Bug Hunting — This book takes disclosed bug bounty reports and explains them in detail, so you get to know what a bug class really is, and you also find some bypasses, because these are bugs that were found in real life by hackers who were also paid for them most of the time. I really like this book because it gives you very realistic attack scenarios. It also covers some newer vulnerabilities like OAuth vulnerabilities, race conditions, subdomain takeovers, etc., which I haven’t seen covered as much in other books.

→Bug Bounty Bootcamp — I have really been enjoying reading this book by the amazing blogger and hacker Vickie Li. This book not only explains bug classes but also introduces you to the bug bounty industry, telling you about different severity types, how to write good bug bounty reports, how scope works, and a bunch of other things that are very specific to the bug bounty industry.

2. Blogs and Writeups

Now, to get access to good blogs and writeups, you should be very active on LinkedIn and Twitter and follow some of the great hackers out there in this domain. Reading writeups and blogs helps you get into a hacker’s mindset and builds a creative approach to your thinking process.

→Intigriti Newsletter — They have a weekly newsletter (Bug Bytes) which will keep you updated with the latest bug bounty resources and trends. They post monthly XSS challenges and share their writeups which are very useful.

→GitHub — There are many people in our community who have collected bug bounty writeups in one place. I’ll be sharing one such repository, which has 500+ writeups. CLICK ME!

→Pentester Land — They have got some amazing writeups categorized yearly. They are freely available to all the hackers out there to learn from. CLICK ME!

3. Labs

While you learn all the concepts, you should always try some hands-on learning to make sure they are clear to you. There are many platforms which have such a practical approach:

→Pentester Lab: They have some amazing labs to try, which will help you understand all kinds of bugs, from basic to advanced. They will add new CVEs discovered for learning. It is paid but cheap. So if you can get that subscription, it’s worth the money you have invested. Trust me!

→PortSwigger: These labs are free and help you clear your basics. They have some pretty unique bugs added recently which I haven’t seen on other platforms. The unique bugs and labs are made by the hackers themselves who have researched them. So give this platform a try for a better understanding of real-life bugs.

4. Programming Languages

Now, people say that programming languages and coding aren’t necessary, that you don’t need to know them to start hacking, etc. But I think it’s very important, because you have to understand the root cause of a vulnerability to try and exploit it. So the languages I recommend to start off with are:

→PHP and JavaScript

You can use freeCodeCamp to learn these concepts and try hands-on projects to get a better understanding. They have got amazing courses by different minds out there. It will help you gain a clear view of these languages.

I hope you enjoyed the article. Let’s Learn, Earn & Grow together with the Infosec Community.
Give a follow if you want more such content:

Twitter: 0xManan
