It is said that hacking is an art, and the hacker is an artist. If you are that hacker looking for fame and some cash, then bug bounty is the correct choice for you. In this blog, I will give you some more information on bug bounty.
To start with, let us understand the term ‘bug bounty’. A Bug bounty program is nothing but a deal offered by companies to find vulnerabilities in their software, websites, or other web applications. It is also called as Vulnerability Rewards Program (VRP). The individuals who report bugs get recognition and compensation, especially if the bugs reported are more likely to exploit the vulnerabilities of their software. The individuals who report such bugs are known as bug bounty hunters and the process of finding such bugs is called bug bounty hunting.
The advantages for companies that run a Bug Bounty Program are very clear: their main aim is to get all the flaws/vulnerabilities (like CSRF, XSS, Subdomain etc) get discovered and resolved before the application is released to the public. This improves their services and helps to carry out security updates to their application/platform, hence ensuring that their data is safe.
For the bug hunters, it’s the money and hall of fame for their work. This is a very good opportunity for developers or white-hat hackers to make some money, as they are the ones who have the required computer knowledge and they can make or break the site.
If you plan to become a bug bounty hunter, you’ll need to know some basic coding and computer skills. Fortunately, there are many resources to help you get started, and coding is pretty easy to teach yourself. Also, you can use some tools available online to break things or write up a vulnerability report to the company which has issued the bounty, then get paid. Some hackers make lots of money in a year just hunting bugs. It is just a matter of skill and luck.
To keep yourself updated about this, join the bug bounty community (https://hackerone.com/leaderboard/all-time).
You can also join the Bug Bounty World on slack and keep reading their blogs, tools, testing ideas etc. (https://bugbountyworld.com/)
Learn scripting languages, which will help in automation, like JS, PYTHON, RUBY etc. This will for sure improve your skills.
Companies will often have a link or a page somewhere on their website offering bug bounties. Typically, the payment amount depends on how much the bug will impact the users and the difficulty in the hacking. They have their rewards set for the types of bugs. The most critical bug gets the highest amount and then after that, it’s just the priority of the bugs. The final decision is made by the company and their security researchers. The bug report document must have sufficient information for the organization offering the bounty to be able to understand and reproduce the vulnerability.
A large number of organizations, including giants like Mozilla, Facebook, Yahoo!, Google etc. have implemented bug bounty programs.
Here are some links where you can always try to get some fame and money 🙂