
Question: Once I join a bug bounty program and start hunting for bugs on a website, how do I efficiently start looking for bugs?

I am very familiar with common vulnerabilities (XSS, SQL injection, etc.), have read a few books such as The Tangled Web and the Hackers Handbook, and played a bit with platforms such as WebGoat and Damn Vulnerable Web App. But when it actually comes to me looking at the specified website, I just find myself browsing through random input fields and source code without much guidance. I feel like this is a very inefficient use of time and that I will be devoting effort to areas that are not very productive.

Do any of you have any good guides on how to quickly identify areas of interest without having to comb through the entire site? I have heard that scanners can be helpful but most of the obvious bugs revealed by scanners have already been fixed.

user1504547

3 Answers


You should check this github repo: https://github.com/jhaddix/tbhm

Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.

Make sure to also check the video :)

null

I follow the OWASP Top Ten as a guideline. First, I usually check all input fields and URLs for SQL injection. Then, I'll brute force directories using Burp Suite. Check XSS, etc., etc., etc.

user107697
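The first step in the answer above, checking every input field and URL parameter for SQL injection, is easier to do systematically than by clicking around. The script below is an added example and is not part of the answer or of any tool it mentions: it parses a page (a constructed sample here, not a real target), enumerates the forms and query parameters that make up the page's input surface, builds one canary probe per URL parameter, and classifies a response body by whether it leaked a database error string or reflected the canary back unescaped. The sample HTML, base URL, canary token and error patterns are all assumptions made for the illustration; in practice you would send the probes through a proxy such as Burp Suite, and only against hosts that are inside the program's scope.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qsl, urlencode, urlunparse

# Constructed sample page (not from any real site): a login form, a search
# form, and a few links, two of which carry query parameters.
SAMPLE_HTML = """
<html><body>
<form action="/login" method="post">
  <input name="user"><input name="pass" type="password">
  <input type="hidden" name="csrf" value="abc">
</form>
<form action="/search">
  <input name="q">
</form>
<a href="/item?id=42&sort=asc">item</a>
<a href="https://example.test/profile?uid=7">profile</a>
<a href="/about">about</a>
</body></html>
"""

CANARY = "zq9v"  # short unique token so reflection is easy to spot in a response

# Assumed error fragments that commonly leak when a stray quote breaks a query.
SQL_ERROR_PATTERNS = [
    r"you have an error in your sql syntax",
    r"unclosed quotation mark",
    r"pg_query\(\)|psycopg2\.errors",
    r"ora-\d{5}",
    r"sqlite3?\.operationalerror",
]


class InputCollector(HTMLParser):
    """Collect every form (method, action, field names) and every link
    that carries a query string; these are the places user input reaches
    the server and therefore the places worth probing first."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.forms = []   # [{"method": ..., "action": ..., "params": [...]}]
        self.links = []   # absolute URLs that have a query string
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {
                "method": (a.get("method") or "get").upper(),
                "action": urljoin(self.base_url, a.get("action") or ""),
                "params": [],
            }
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            if a.get("name"):
                self._form["params"].append(a["name"])
        elif tag == "a" and a.get("href"):
            url = urljoin(self.base_url, a["href"])
            if urlparse(url).query:
                self.links.append(url)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def collect_inputs(html, base_url):
    """Return (forms, links) found in the page."""
    p = InputCollector(base_url)
    p.feed(html)
    return p.forms, p.links


def build_url_probes(links, canary=CANARY):
    """For each query parameter of each link, build one URL where only that
    parameter is replaced by the canary plus a single quote. Returns a list
    of (parameter name, probe URL) so a finding can be tied to a parameter."""
    probes = []
    for url in links:
        parts = urlparse(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        for i, (name, _) in enumerate(params):
            mutated = list(params)
            mutated[i] = (name, canary + "'")
            probes.append((name, urlunparse(parts._replace(query=urlencode(mutated)))))
    return probes


def classify_response(body, canary=CANARY):
    """'sql_error' if a database error leaked, 'reflected_unescaped' if the
    canary and its quote came back intact (an XSS / attribute break-out
    candidate), 'reflected_escaped' if only the canary came back, else 'none'."""
    low = body.lower()
    if any(re.search(pat, low) for pat in SQL_ERROR_PATTERNS):
        return "sql_error"
    if canary + "'" in body:
        return "reflected_unescaped"
    if canary in body:
        return "reflected_escaped"
    return "none"


if __name__ == "__main__":
    forms, links = collect_inputs(SAMPLE_HTML, "https://example.test/")
    for f in forms:
        print(f["method"], f["action"], f["params"])
    for name, url in build_url_probes(links):
        print("probe", name, url)
```

Each probe URL is meant to be fetched with your normal tooling and its body passed to classify_response; anything that comes back as sql_error or reflected_unescaped is where to spend manual time, which is the prioritisation the question asks for.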

1 - Follow hackers on Twitter, read, learn and reproduce their hacks

2 - Learn the OWASP top 10 vulnerabilities, learn and reproduce

3 - Learn computer science (i.e. I am a software engineer; it helps a lot)

4 - Read regularly about infosec, stay up to date

5 - Try to find bugs and earn some money (it will motivate you)

6 - Stay patient, work regularly, don't give up

7 - Do good; be respectful and professional with others

8 - Learn and use a Unix system properly; take online courses and certifications (free ones)

Cheers!

  • You have just posted an [identical answer](http://security.stackexchange.com/a/142427/86652). If you think that two questions have the same answer, you should flag one of the questions as a duplicate of the other. – techraf Nov 12 '16 at 09:28