Vulnerabilities and You: A Beginner's Guide to Bug Bounty Hunting
Definitions
Before getting started, you should get familiar with common terms you will hear within the bug bounty community (and often the information security space as a whole).
- BBP — Bug Bounty Program (more on this later in the post)
- Scope — The set of assets (domains, applications, IP ranges) the program authorizes you to test; anything outside it is off-limits, and testing it is unauthorized regardless of what you find
- Triage — The process of reproducing and validating a submitted report, and rating its severity, before it is passed to the program's security team
- VDP — Vulnerability Disclosure Program (more on this later in the post)
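Scope decisions come up constantly, so it helps to see the edge cases in code. The following is an added example, not code from the original post: a small matcher that checks a hostname or IP against a constructed scope list. The scope entries are made up, and it assumes the common program convention that a wildcard like `*.example.com` covers subdomains but not the apex, and that explicit out-of-scope entries always win.

```python
import ipaddress

# Constructed example scope; not taken from any real program.
IN_SCOPE = ["*.example.com", "api.example.org", "203.0.113.0/24"]
OUT_OF_SCOPE = ["legacy.example.com", "*.staging.example.com"]


def _matches(pattern: str, host: str) -> bool:
    """Return True if a single scope entry covers the given host or IP."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()

    # CIDR entry: only an IP literal can match it.
    if "/" in pattern:
        try:
            return ipaddress.ip_address(host) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False

    # Wildcard entry: require a real label boundary so that
    # "evil-example.com" does not match "*.example.com".
    # Assumption: wildcard covers subdomains only, not the apex itself.
    if pattern.startswith("*."):
        return host.endswith("." + pattern[2:])

    # Plain entry: exact hostname match.
    return host == pattern


def in_scope(host: str, include=IN_SCOPE, exclude=OUT_OF_SCOPE) -> bool:
    """Exclusions take precedence: anything listed out of scope is never testable."""
    if any(_matches(p, host) for p in exclude):
        return False
    return any(_matches(p, host) for p in include)


if __name__ == "__main__":
    for target in ["app.example.com", "evil-example.com", "legacy.example.com",
                   "deep.staging.example.com", "203.0.113.7", "example.com"]:
        print(f"{target:28} in scope: {in_scope(target)}")
```

Before touching a target, run it through a check like this; the two cases beginners most often get wrong are the lookalike domain that only resembles an in-scope wildcard and the explicitly excluded subdomain that still sits under an in-scope wildcard.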
Pick a Niche
If you've decided to start hunting bug bounties, it is usually best to first pick a niche that fits your skill set. Narrowing your search to one type of asset significantly increases your odds of finding a bug: the more time you spend looking at the same kind of target, the better you get at spotting the classes of bugs that tend to appear in it. Some of the most common niches found in bug bounty programs are as follows:
- Web Applications/API
- Mobile Applications
- Source Code Review