Beginner’s Approach to Bug Bounties

Starting with “The Office” quotes because I love the show :D

Therefore, going to a reliable crowd-sourced platform with friendly triager support is important when starting, and I recommend starting with Bugcrowd.

2. How to pick programs?

The initial goal is to cut the crowd as much as possible.

3. Why to stick with programs?

Old Program → Less Crowd → New Code → New vulnerabilities → 💰💰💰

4. What to Hunt?

5. Reporting

## Description
Explain the bug-type in 2-3 lines
## Impact
Explain the damage in 1-2 lines
## Steps to Reproduce
Instead of writing a paragraph, add bullet points with screenshots of as many steps
as possible.

6. My Initial Findings

Marked as Not Applicable
P3 (Duplicate + Won’t Fix) +2 points
P3 (IDOR: 500$) + 10 Points
P3 (IDOR: 450$) +10 Points
P4 (Repudiation: 200$) +5 points

Summary
