Bug Bounty Career: Web Hacking

Shakhawat Hossain - 0xShakhawat

4 min readMay 9, 2022

Details

The objective is to help Information Security professionals,
enthusiasts and even the youngest, to enter the Bug Bounty area;
Knowing the skills necessary to work in the area of Bug Bounty;
Of course, this is not a guide that will make you a professional, but I
hope it helps;

Bug Bounty Platforms

HackerOne
Bugcrowd
Intigriti
Bug Hunt
Hackaflag
Yogosha
Zeroday initiative
Open Bug Bounty
YesWeHack
Cobalt.io
Synack Red Team

Skills Bug Bounty Hunter

Knowledge in Programming Logic;
Knowledge in Web Attack Vectors;
Knowledge in Reverse Engineering;
Skills in Web Development;
Programming Logic exercised;
Computational basis;
CTF Player;
Knowledge in Network Computer;
Knowledge in System Administrator (Linux and Windows);
Knowledge in Cloud Computer (AWS, GOOGLE and AZURE);
Skills in Infrastructure Exploitation;

Web Vulnerabilities — TOP 17

Open Redirect;
HTTP Parameter Pollution;
Cross-Site Request Forgery;
HTML Injection and Content Spoofing;
Carriage Return Line Feed Injection;
Cross Site Scripting;
Template Injection;
SQL Injection;
Server Side Request Forgery;
XML External Entity;
Remote Code Execution;
Memory Vulnerabilities;
Subdomain Takeover;
Race Conditions;
Insecure Direct Object References;
Oauth Vulnerabilities;
Application Logic and Configuration Vulnerabilities;

More Web Vulnerabilities: https://owasp.org/www-
community/vulnerabilities/

Vulnerabilities — HackerOne Rank

Top Ten Vulnerabilities | HackerOne

Vulnerability disclosure policies (VDPs) have emerged as a powerful solution. VDPs quickly establish a process for…

www.hackerone.com

Resources Study

Writeups Bug Bounty

• https://pentester.land/list-of-bug-bounty-writeups.html
• https://medium.com/bugbountywriteup
• https://github.com/yaworsk/bugbounty/blob/master/writeups.md
• https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA
• https://paper.seebug.org/802/

Skills Development — YouTube Channels

STÖK (Fredrik Alexandersson)

STÖK

HACKERS GONNA HACK CREATORS GONNA CREATE Support my work: Join me on Patreon! https://www.patreon.com/stokfredrik…

youtube.com

Red Team Village DC Red Team Village

Red Team Village

The Official DEF CON Team Village continues to have an amazing lineup of speakers and presentations! The talks range…

youtube.com

InsiderPhD Katie Paxton-Fear

InsiderPhD

PhD (Def&Sec) Student investigating Insider Threats using Natural Language Processing at Cranfield University. BSc in…

youtube.com

Nahamsec Ben Sadeghipour

Nahamsec

Nahamsec creates educational hacking videos for anyone with an interest in web application hacking with a focus on bug…

youtube.com

HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities…

youtube.com

BugCrowd

Bugcrowd

Organizations of all kinds need to do everything proactively possible to protect themselves, their reputation, and…

youtube.com

The Cyber Mentor Heath Adams

The Cyber Mentor

I'm a hacker by trade, but this channel will contain various lessons and even off-topic stuff from time to time.

youtube.com

John Hammond John H.

John Hammond

Follow me on Twitter: https://twitter.com/_johnhammond

youtube.com

Codingo Michael S.

codingo

Instructional videos on Information Security, and bug bounties by a top 20 bug hunter, ex penetration tester and now…

youtube.com

HackerSploitHackerSploit

https://youtube.com/c/HackerSploit

LiveOverflow

https://youtube.com/c/LiveOverflow

IPPSec

IppSec

Video Search: https://ippsec.rocks

youtube.com

S4vitar Marcelo Vázquez(Spanish Content)

s4vitar

Canal de ciberseguridad y Hacking Ético | Read Team & Pentesting

youtube.com

Zigoo Ebrahim Hegazy (Arabic )

Ebrahem Hegazy

Ebrahem Hegazy (Zigoo0) is an Egyptian information security expert. Vulnerabilities Hunter since 2013, acknowledged by…

youtube.com

ACADI-TI

Acadi-TI - Academia inovadora de TI

👨‍💻 Preparamos você para o mercado que mais cresce no mundo, transformamos você em um profissional de Elite em…

www.youtube.com

Wraiith

Wraiith75

Share your videos with friends, family, and the world

www.youtube.com

Bsides

BSides DC

Share your videos with friends, family, and the world

www.youtube.com

Vinicius Vieira

Vinícius Vieira

Segurança Cibernética e Hacker Ético

www.youtube.com

Kindred

Kindred Security

Share your videos with friends, family, and the world

www.youtube.com

Bug Bounty Public Disclosure

Bug Bounty Proof Of Concepts (POCs) Disclosure

"Education Purpose Only" In this channel , you can find POC videos of publically disclosed reports. "Special Thanks to…

www.youtube.com

RoadSec

https://youtube.com/c/Roadsec

Mindthesec

Mind The Sec

A maior e mais qualificada plataforma corporativa de Segurança da Informação do Brasil

youtube.com

Hackaflag

Atualmente o Hackaflag conta com três modalidades: - Hackaflag CTF, no qual os participantes devem resolver diversos…

youtube.com

Blackhat

Black Hat

Black Hat is the most technical and relevant information security event series in the world. For more than 20 years…

youtube.com

**more skill development youtube channel will be added.

Tools — Bug Bounty

Follow Me: Shakhawat Hossain @0xShakhawat

Bug Bounty Career: Web Hacking

Details

Bug Bounty Platforms

Skills Bug Bounty Hunter

Web Vulnerabilities — TOP 17

Vulnerabilities — HackerOne Rank

Top Ten Vulnerabilities | HackerOne

Vulnerability disclosure policies (VDPs) have emerged as a powerful solution. VDPs quickly establish a process for…

Resources Study

Writeups Bug Bounty

Skills Development — YouTube Channels

STÖK

HACKERS GONNA HACK CREATORS GONNA CREATE Support my work: Join me on Patreon! https://www.patreon.com/stokfredrik…

Red Team Village

The Official DEF CON Team Village continues to have an amazing lineup of speakers and presentations! The talks range…

InsiderPhD

PhD (Def&Sec) Student investigating Insider Threats using Natural Language Processing at Cranfield University. BSc in…

Nahamsec

Nahamsec creates educational hacking videos for anyone with an interest in web application hacking with a focus on bug…

HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities…

Bugcrowd

Organizations of all kinds need to do everything proactively possible to protect themselves, their reputation, and…

The Cyber Mentor

I'm a hacker by trade, but this channel will contain various lessons and even off-topic stuff from time to time.

John Hammond

Follow me on Twitter: https://twitter.com/_johnhammond

codingo

Instructional videos on Information Security, and bug bounties by a top 20 bug hunter, ex penetration tester and now…

IppSec

Video Search: https://ippsec.rocks

s4vitar

Canal de ciberseguridad y Hacking Ético | Read Team & Pentesting

Ebrahem Hegazy

Ebrahem Hegazy (Zigoo0) is an Egyptian information security expert. Vulnerabilities Hunter since 2013, acknowledged by…

Acadi-TI - Academia inovadora de TI

👨‍💻 Preparamos você para o mercado que mais cresce no mundo, transformamos você em um profissional de Elite em…

Wraiith75

Share your videos with friends, family, and the world

BSides DC

Share your videos with friends, family, and the world

Vinícius Vieira

Segurança Cibernética e Hacker Ético

Kindred Security

Share your videos with friends, family, and the world

Bug Bounty Proof Of Concepts (POCs) Disclosure

"Education Purpose Only" In this channel , you can find POC videos of publically disclosed reports. "Special Thanks to…

Mind The Sec

A maior e mais qualificada plataforma corporativa de Segurança da Informação do Brasil

Hackaflag

Atualmente o Hackaflag conta com três modalidades: - Hackaflag CTF, no qual os participantes devem resolver diversos…

Black Hat

Black Hat is the most technical and relevant information security event series in the world. For more than 20 years…

Tools — Bug Bounty

Written by Shakhawat Hossain - 0xShakhawat

Responses (4)