Before Going into Bug Bounties
Before getting into BUG BOUNTY, let’s look at the ways in which vulnerability disclosure is done.
We generally have two ways of disclosing vulnerabilities:
- Full Disclosure
- Responsible Disclosure
Responsible Disclosure
Responsible Disclosure is where the person who finds a vulnerability in a website reports it directly to the authorities of that website, so that they can rectify the issue as early as possible. Most companies reward the reporter in return for reporting the vulnerability, and this is what BUG BOUNTY is.
Well, bug bounty is indeed a really nice way to earn money. But more than the money, when your name comes up in their HALL OF FAME or on the company’s RESPONSIBLE DISCLOSURE page, that’s priceless, because that is what gives your resume some extra weight and makes you stand out when compared to your peers.
Books to read before Hunting Bugs:
Well, these are the books I generally recommend to anyone who wants to start off with web application pen-testing or particularly BUG BOUNTY.
- The Web Application Hacker's Handbook, Second Edition (considered to be the Bible of web application pen-testers)
- Hacking: The Art of Exploitation
- OWASP Testing Guide v3.0
BUG Hunter’s TOOLKIT:
These are the basic tools that most bug hunters generally use and suggest.
Proxy:
- Burp Suite
- WebScarab
- Fiddler
- Paros Proxy
Mozilla Firefox is the best browser if you want to hunt bugs, because of its awesome add-ons that ease our job.
Mozilla Firefox ADD-ONS:
- Tamper Data
- Web Developer Extensions
- Live HTTP Headers
- Firebug
- XSS Me Sidebar
- Hackbar
Other Useful Tools:
- IronWASP
- Xenotix
Optional Tools:
Camtasia Screen Recorder and Snipping Tools (useful for creating proofs of concept).
Thanks to Content Creator BTS
Note: We take no responsibility; every tutorial here is for educational purposes only.