BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs)

A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

A reward offered to a perform who identifies an error or vulnerability in a computer program or system.‘The company boosts security by offering a bug bounty’

                                                    Bug Bounty Platforms

Bugcrowd-                                                  https://www.bugcrowd.com/

Hackerone -                                               https://www.hackerone.com/

Synack-                                                      https://www.synack.com/

Japan Bug bounty Program-                   https://bugbounty.jp/

Cobalt-                                                       https://cobalt.io/

Zerocopter-                                                https://zerocopter.com/

Hackenproof-                                            https://hackenproof.com/

BountyFactory-                                         https://bountyfactory.io

Bug Bounty Programs List-                     https://www.bugcrowd.com/bug-bounty-list/

AntiHack-                                                  https://www.antihack.me/

                    Some Books for reading about Bug Hunting

There are some books for Web application penetration testing methodology and hunting the web. Through this you learn the basics and essentials of penetration testing and bug hunting. Since bug bounties often include website targets, we’ll focus on getting you started with Web Hacking and later we’ll branch out.

 

1.           The Web Application Hacker’s Handbook 
2.           OWASP Testing Guide
3.           Penetration Testing 
4.           The Hacker Playbook 2: Practical Guide to Penetration Testing 
5.           The Tangled Web: A Guide to Securing Web Applications 
6.           Jhaddix Bug Hunting Methodology 
7.           The Hacker Playbook-3 
8.           Ethical Hacking and Penetration Guide 
9.           Web Penetration Testing with Kali Linux

 

Mobile Hacking Book

1.           The Mobile Application Hacker’s Handbook                        
2.          IOS Application Security
3.            Owasp Mobile AppSec

Practice makes Perfect!

While you’re learning it’s important to make sure that you’re also understanding and retaining what you learn. Practicing on vulnerable applications and systems is a great way to test your skills in simulated environments. These will give you an idea of what you’ll run up against in the real world.

1.              BWAPP 
2.              Webgoat 
3.              Rootme 
4.              OWASP Juicy Shop 
5.              Hacker101 
6.              Hacksplaining 
7.              Penetration Testing Practice Labs 
8.              Damn Vulnerable iOS App (DVIA) 
9.              Mutillidae 
10.              Trytohack 
11.              HackTheBox 
12.              SQL Injection Practice
13.              Try Hack Me 

                                                POC’s & Write-up

Read tech Vulnerabilities POCs (Proof of Concepts) and write-ups from other hackers

Now that you’ve got a baseline understanding of how to find and exploit security vulnerabilities, it’s time to start checking out what other hackers are finding in the wild. Luckily the security community is quite generous with sharing knowledge and we’ve collected a list of write-ups & tutorials:

1.            Bug Bounty write-ups and POC 
2.            Awesome Bug Bounty 
3.            SecurityBreached-BugBounty POC 
4.            Facebook Hunting POC 
5.            Bug Hunting Tutorials 
6.            PentesterLand Bug Bounty Writeups 
7.            Hackerone POC Reports 
8.            Bug Bounty POC 
9.            Netsec on Reddit 
10.            Bug Bounty World

Video Tutorial

1.            Rjitech 
2.            JackkTutorials on YouTube 
3.            DEFCON Conference videos on YouTube 
4.            Hak5 on YouTube 
5.            How To Shot Web — Jason Haddix, 2015 
6.            Bug Bounty Hunting Methodology v2 — Jason Haddix, 2017 
7.            Hunting for Top Bounties — Nicolas Grégoire, 2014 
8.           The Secret life of a Bug Bounty Hunter — Frans Rosén, 2016 
9.           SecurityIdiots 
10.           BlackHat 
11.           Injector PCA 
12.           DevilKiller 
13.           SulemanMalik 
14.           Penetration Testing in linux