InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


How To Start Bug Bounty Hunting

Short & Basic Intro to Bug Bounty World

Anton (therceman)
Published in InfoSec Write-ups
3 min read · Aug 20, 2021

I recommend registering on the following crowdsourced cybersecurity platforms (bug bounty platforms):

Searching for bugs in the wild (not on a bug bounty platform) can be great, but it may not be the best place to start as there is no guarantee that the company will respond to your report or that you will receive any reward or recognition for your work.

Bug bounty platforms can offer private invites over time, which can provide you with lower competition compared to public programs, increasing your chances of finding something unique.

Try focusing on programs that have a wide scope, where you can manage users (create roles), docs, images, etc.

Then start with something simple: create two users (one basic user and one admin), open two browsers, and start testing for Broken Access Control (BAC) vulnerabilities.

In short, this is the type of vulnerability where a basic user can perform admin actions.
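The two-user check described above, written out as an added example (not code from the original article): a constructed in-memory app with an admin-only "set_role" action, a flag that reproduces the missing server-side role check, and a differential test that replays the same action from both sessions and flags the case where the basic user also succeeds. User names, the action name and status codes are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample accounts, as the article suggests: one basic user, one admin.
USERS = {"alice": "basic", "bob": "admin"}


@dataclass
class App:
    """Minimal in-memory app exposing one admin-only action (constructed)."""
    roles: dict = field(default_factory=lambda: dict(USERS))
    enforce: bool = True  # False reproduces the Broken Access Control bug

    def handle(self, session_user: str, action: str, target: str) -> int:
        """Return an HTTP-like status for 'session_user' performing 'action' on 'target'."""
        if session_user not in self.roles:
            return 401  # no valid session
        if action != "set_role":
            return 404
        # Hardened form: authorization is decided from the caller's server-side role,
        # never from anything the client sends. Skipping this check is the BAC bug.
        if self.enforce and self.roles[session_user] != "admin":
            return 403
        self.roles[target] = "admin"
        return 200


def two_user_check(app: App, action: str, target: str) -> dict:
    """The article's two-browser test as code: run the same admin action from the
    admin session and from the basic session; if both get 200, BAC is suspected."""
    admin_status = app.handle("bob", action, target)
    basic_status = app.handle("alice", action, target)
    return {
        "admin": admin_status,
        "basic": basic_status,
        "bac_suspected": admin_status == 200 and basic_status == 200,
    }


if __name__ == "__main__":
    print("vulnerable:", two_user_check(App(enforce=False), "set_role", "carol"))
    print("fixed:     ", two_user_check(App(enforce=True), "set_role", "carol"))
```

The same differential check applies to any privileged endpoint: the admin session establishes what the action should return, and a matching success from the basic session is the finding.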

Some of these vulnerabilities can be found using direct links to sections/endpoints, but others will require you to modify…

