Bug Bounty Career: Web Hacking
Details
- The objective is to help Information Security professionals,
enthusiasts and even the youngest, to enter the Bug Bounty area; - Knowing the skills necessary to work in the area of Bug Bounty;
- Of course, this is not a guide that will make you a professional, but I
hope it helps;
Bug Bounty Platforms
- HackerOne
- Bugcrowd
- Intigriti
- Bug Hunt
- Hackaflag
- Yogosha
- Zeroday initiative
- Open Bug Bounty
- YesWeHack
- Cobalt.io
- Synack Red Team
Skills Bug Bounty Hunter
- Knowledge in Programming Logic;
- Knowledge in Web Attack Vectors;
- Knowledge in Reverse Engineering;
- Skills in Web Development;
- Programming Logic exercised;
- Computational basis;
- CTF Player;
- Knowledge in Network Computer;
- Knowledge in System Administrator (Linux and Windows);
- Knowledge in Cloud Computer (AWS, GOOGLE and AZURE);
- Skills in Infrastructure Exploitation;
Web Vulnerabilities — TOP 17
- Open Redirect;
- HTTP Parameter Pollution;
- Cross-Site Request Forgery;
- HTML Injection and Content Spoofing;
- Carriage Return Line Feed Injection;
- Cross Site Scripting;
- Template Injection;
- SQL Injection;
- Server Side Request Forgery;
- XML External Entity;
- Remote Code Execution;
- Memory Vulnerabilities;
- Subdomain Takeover;
- Race Conditions;
- Insecure Direct Object References;
- Oauth Vulnerabilities;
- Application Logic and Configuration Vulnerabilities;
More Web Vulnerabilities: https://owasp.org/www-
community/vulnerabilities/
Vulnerabilities — HackerOne Rank
Resources Study
- https://chawdamrunal.medium.com/pro-tips-for-bug-bounty-
f9982a5fc5e9 - https://medium.com/bugbountywriteup/bug-bounty-hunting-
methodology-toolkit-tips-tricks-blogs-ef6542301c65 - https://www.bugcrowd.com/resources/webinars/5-tips-and-tricks-to-run-
successful-bug-bounty-programs/ - https://www.youtube.com/watch?v=CU9Iafc-Igs&ab_channel=ST%C3%96K
- https://github.com/EdOverflow/bugbounty-cheatsheet
- https://chawdamrunal.medium.com/pro-tips-for-bug-bounty-
f9982a5fc5e9 - https://medium.com/bugbountywriteup/bug-bounty-hunting-
methodology-toolkit-tips-tricks-blogs-ef6542301c65 - https://www.bugcrowd.com/resources/webinars/5-tips-and-tricks-to-run-
successful-bug-bounty-programs/ - https://www.youtube.com/watch?v=CU9Iafc-
Igs&ab_channel=ST%C3%96K - https://github.com/EdOverflow/bugbounty-cheatsheet
- https://github.com/djadmin/awesome-bug-bounty
- https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
- https://github.com/Muhammd/awesome-bug-bounty
- https://github.com/ajdumanhug/awesome-bug-bounty-tips
- https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f
- https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-
Hunters - https://github.com/bobby-lin/bug-bounty-guide
Writeups Bug Bounty
• https://pentester.land/list-of-bug-bounty-writeups.html
• https://medium.com/bugbountywriteup
• https://github.com/yaworsk/bugbounty/blob/master/writeups.md
• https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA
• https://paper.seebug.org/802/
Skills Development — YouTube Channels
STÖK (Fredrik Alexandersson)
Red Team Village DC Red Team Village
InsiderPhD Katie Paxton-Fear
Nahamsec Ben Sadeghipour
HackerOne
BugCrowd
The Cyber Mentor Heath Adams
John Hammond John H.
Codingo Michael S.
HackerSploitHackerSploit
https://youtube.com/c/HackerSploit
LiveOverflow
https://youtube.com/c/LiveOverflow
IPPSec
S4vitar Marcelo Vázquez(Spanish Content)
Zigoo Ebrahim Hegazy (Arabic )
ACADI-TI
Wraiith
Bsides
Vinicius Vieira
Kindred
Bug Bounty Public Disclosure
RoadSec
Mindthesec
Hackaflag
Blackhat
**more skill development youtube channel will be added.
Tools — Bug Bounty
- https://github.com/KingOfBugbounty/KingOfBugBountyTips
- https://medium.com/@hackbotone/10-recon-tools-for-bug-bounty-bafa8a5961bd
- https://portswigger.net/solutions/bug-bounty-hunting/best-bug-bounty-tools
- https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/tools.md
- https://www.hackerone.com/blog/100-hacking-tools-and-resources
Follow Me: Shakhawat Hossain @0xShakhawat
