Question: Once I join a bug bounty program and start hunting for bugs on a website, how do I efficiently start looking for bugs?
I am very familiar with common vulnerabilities (XSS, SQL injection, etc.), have read a few books such as The Tangled Web and the Hacker's Handbook, and played a bit with platforms such as WebGoat and Damn Vulnerable Web App. But when it actually comes to me looking at the specified website, I just find myself browsing through random input fields and source code without much guidance. I feel like this is a very inefficient use of time and I will be devoting effort to areas that are not very productive.
Do any of you have any good guides on how to quickly identify areas of interest without having to comb through the entire site? I have heard that scanners can be helpful, but most of the obvious bugs revealed by scanners have already been fixed.