Introduction

For some time now I have flirted with cybersecurity and I’m still trying to figure out where to start. Coming from an Arts or Social Sciences background, anything IT-related has always seemed like a fantasy. Enter bug bounty hunting, a seemingly ‘free-spirited’, ‘low-entry requirement’ cybersecurity sector. 

So when I use ‘free-spirited’ and ‘low-entry requirement’ as adjectives to describe bug bounty hunting, I am describing what I have been looking for in cybersecurity. I have been looking for something that I can do on my own time, pays well, and relies on what I know, not just certifications. That is really what led me here. Enough about me and what I like and don’t like. What is bug bounty hunting?

Bug Bounty Hunting 

In the simplest of terms: find bugs and get paid, or at least receive a reward of some kind. A bug bounty is a program run by an organization or individual through which other people can report bugs, especially security vulnerabilities, in exchange for a prize or recognition. In 2022, Google paid out a record $12 million through its bug bounty program (in case you needed any motivation).

How am I even going to do it?

Personally, the quickest way for me to learn is through videos, so my first line of action has been to watch videos on how to start bug bounty hunting. The most helpful video for me was Ryan John’s ‘How To Start Bug Bounty 2023’. I watched it twice and decided I was going to follow the steps he outlined. Through this short but effective research project, I have a few steps I have to take over the next few weeks to prepare me to find my first bug.

Step 1 – Web Development Basics 

I’ve always been fascinated by how websites and applications work in general. I was able to satisfy that fascination through Angela Yu’s Web Development Bootcamp. What I haven’t told you, though, is that I haven’t completed the course. For the purpose of bug bounty hunting, I am going to be quickly revisiting the course material to get the hang of HTML, CSS, and JavaScript at least on an intermediate level. Enough to read and understand code but not to actually build applications.

To be able to stay on scope, I would be using Ryan John’s ‘Bug Bounty HTML and Javascript Intro Course’.

Step 2 – Python? 

Following the video, it is important to learn a good programming language for scripting and automating different tasks. Basically, it would be better if you could code to make your life easier. My curiosity has already made me learn Python at an intermediate level, but I would still be improving on what I know with the ‘Python for Hackers Course’.

Step 3 – Linux Fundamentals 

I definitely have to be good in this area. In every movie or TV show that has a hacker, they’re always going crazy in some terminal file for some reason. Even if I didn’t have to know this, I’m sure I would’ve learned it for the sake of the culture. To guide me on this step, I would be studying Linux Fundamentals 1, 2 & 3 on TryHackMe.

Step 4 – Burp 

So Burp is application security testing software. I would be learning Burp Basics and Repeater on TryHackMe as well.

Step 5 – Get more structure 

As I’m going through the steps I’ve outlined, I will also be following along with a well-structured 11-hour course, ‘Beginner to Advanced Bug Bounty Hunting Course’. I would be learning the tricks of the trade and the lingo. It is going to be my ‘How to lose imposter syndrome in 11 hours’ video. By the time I’m done with the course, I expect to know what, when, and how to do things during any bug-hunting expedition.

Step 6 – Get to it and talk about it

Step 6 could also be called application and reporting. In this step, I expect to apply all that I’ve learned. This is where I attempt to catch my first bug. The second part of this step is something that would be happening from Step 1. This article is the first in a series that will be talking about the steps I’m taking. Every step will be appropriately documented with an explanation as to why it was taken, and I hope to spare no detail.

This is what bug bounty hunting looks like for me so far, and I can’t wait to give you updates on what I’ve been able to do. Hopefully, the next time you read an article from me I will have found a few bugs and gotten a few tricks up my sleeve and a few bounties too 😅