InfoSec Write-ups


Epic Bug Hunting Failures-2

Hey! This is the second part of Epic Bug Hunting Failures. Part two is locked and loaded. If you missed the first act, catch up here: https://infosecwriteups.com/epic-bug-hunting-failures-7d95bb61cb12

After rectifying those mistakes, do you believe that, with some experience, we won’t make any mistakes? Quite the opposite; we are likely to make plenty.

  1. Getting too worked up about rewards, bonuses, and being in the spotlight used to be my thing. I used to copy exactly what others did to get those rewards, thinking it would work every time. But it doesn’t. Learning from others is cool, but the same tricks don’t always get you the same results everywhere.

I basically followed the report above to get a bounty, but unfortunately it didn’t happen.

  2. Knowing only a few methodologies for a few low-level bugs, like session hijacking, clickjacking, CORS, DDoS, etc.

  3. Relying only on automated vulnerability scanners like Nuclei, Burp Suite, and OWASP ZAP. Yes, you can run them, but depending on them will make our lives very tough.

  4. Just checking out websites and hunting for simple bugs, especially on the user side. Sure, the sites might have some issues, but when it comes to learning and making a real impact, the chances are pretty slim.

  5. Too many duplicates and “not applicable” reports demotivate us and make us stop hunting. There are bigger spots that remain untouched.

Ok people, I am coming to the end of this blog. These were the pretty big blunders I was making, and still make.

Rectifying all these:

  1. Try to find server-side vulnerabilities. I know it’s not easy. Learn system design to know the art of developing.
  2. Don’t hunt for bounties; hunt for learnings.
  3. Read lots of Medium blogs about how others have hunted and take the learnings. Don’t follow the same steps.
  4. Work on the fundamentals before jumping into hunting (how a website is created, the workflow of an application).
  5. Don’t give up or get demotivated easily. Yes, it’s a tough journey, but it’s worth the wait.
  6. Vulnerabilities can be found easily in one way:

“Master the craft of creation, and the skill of destruction will become effortlessly attainable. -VARSHINI RAMESH”

Conclusion

Hey fellow bug hunters! Bug hunting isn’t always easy. It’s full of unexpected stuff. I will be sharing more Bug Bloopers, exploring the world of bug hunting fails, one laugh at a time. Enjoy the surprises and learn from those bug hunting oops moments. Happy hunting!


Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by Varshini Ramesh

||Pentester||Technophile||Papyrophiliac||Astrophile||
