It is especially hard for beginners to choose the right program to hunt on.
Over the years, I have learnt enough from my personal experience what program to choose and what not to, especially if you're just starting out.
Here's a thread on choosing the right bug bounty program.
Over the years, I have learnt enough from my personal experience what program to choose and what not to, especially if you're just starting out.
Here's a thread on choosing the right bug bounty program.
1. Developing the hunter mindset is hard at the very start and personally I feel it's better to go for the the low-hanging fruits. To catch low-hanging fruits, you should pick a target that experts would go past.
2. Firstly, go for VDPs. VDPs / unpaid programs are ignored by experienced hunters and you can use these to get some experience and fame. You might also get private invites after building some fame.
3. Next, choosing programs with large scope. Higher the attack surface, higher the chances. But experience players will also be hunting here. The catch is to look for those low payout bugs experience people will overlook.
4. Also, when beginning you might want to find those programs that have a fast response time. This would help you mentally as well.
5. Once all of this is checked, make sure that the program treat it's responders well. There are some programs that despite being underpaid treat reports badly. You don't want to associate yourself with these.
Choosing the right program matters a lot. Especially when you're just starting out, you'd want to have fast response, proper feedback. These should be the goals and not money. Of course after some experience, money will follow ;)
That's a wrap!
If you enjoyed this thread:
1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
#bugbounty #infosec #bugbountytips
If you enjoyed this thread:
1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
#bugbounty #infosec #bugbountytips
Loading suggestions...