Bug Bounty Programs
--
First Steps to Getting Started
I am an introvert, very analytical and ask many questions.
One question I always had was how to find software bugs and report them, but I never looked into it much to find out how to get started. A co-worker in the SOC I work in pointed me to a site called Hack The Box https://www.hackthebox.eu/ and last week I came across this video on YouTube https://www.youtube.com/watch?v=CU9Iafc-Igs . After looking through the content this YouTuber has shared, he puts up a great list of things to look at.
So far I have purchased the book mentioned in this YouTube video, Web Security 101. I am 7 chapters in and like the layout of the book so far. The first 2/3 covers security topics and the last 1/3 covers tools, training resources and bug bounty reporting techniques and procedures.
I have also signed up for a few and checked out all the websites to get started, in addition to the Hack The Box site listed above: Bugcrowd https://www.bugcrowd.com/ , Hacker101 https://www.hacker101.com/ and HackerOne https://www.hackerone.com/ . The publisher of Burp Suite https://portswigger.net/burp has an academy to help get started.
As I have written before, I am a podcast junkie and I have found a few security-related podcasts that have ended up being good resources for finding bug bounty related topics and resources. Bugcrowd themselves have a podcast. I am also finding the information shared by other workers in the field in the Getting Into Infosec podcast useful. During one of the episodes of this podcast I learned about the Open Bug Bounty site https://www.openbugbounty.org/ .
I plan to write more and share progress updates weekly, hopefully more frequently than that. I will provide things I learn and new resources I come across.
A few future topics I plan to cover are how I set up my home security/hacking lab and more videos or channels I find for training.