I really want to prove myself (to my parents) by winning a proper bug bounty.
How should I best prepare for this and go about actually finding bugs?
Edit: So can anyone give some websites which I could read that would help me understand better how to win, and what free training materials are useful? I'm working through pentesterlab already.
I've looked up the most common vulnerabilities from OWASP, things like XSS, SQL injection, PHP inclusion, CSRF, error disclosure. I've studied each of these and understand how they occur and how to demonstrate them.
I've tried to audit many lines of source code from open source projects looking for parts that haven't properly escaped user input or other important things. I also tried to do black-box testing for things like XSS on staged sites (ones hosted separately from the in-use production server, for the purpose of testing) but nothing has really turned up. I've also read the public disclosure writeups of the bugs other people found.
I understand that part of the problem is that there are people with years of experience who will find things first. And there are also people (like researchers) with much deeper knowledge in specific areas.
But even so, I think I should be able to make a positive contribution if I work hard, so I would appreciate any guidance.