
How To Start Bug-Bounty-Hunting

bug bounty methodology

Lots of people are interested in bug bounty: how to start, where to learn, how much time it takes, and so on. If you are not familiar with bug bounty, it works a bit like freelancing: companies, from big ones to ordinary ones, pay hackers who find a security issue in their systems, whether that is an Android application, a server, a web application or something else, and all of it in a legal way. The hacker finds a vulnerability, tells the company about the issue and gets paid depending on the vulnerability. You just need to find a company that has a bug bounty programme and check what it allows you to test for vulnerabilities.

As recent news, Google is ready to pay 1.5 Million if anyone is able to find a security issue in its TITAN security chip, so that gives you an idea of what bug bounty is.

How To Learn and Start Bug-Bounty 

Most of the people who are interested in bug bounty think it is all about web application attacks, but that is wrong. Bug bounty can cover many different areas: mobile (Android, iOS), web applications, cloud, APIs, etc. Yes, most bug bounty work is on web applications, but even cloud can come under bug bounty.

So there is no specific way to start; you just need advanced knowledge about everything you are going to encounter.


Start with one of the most important things: programming. Lots of people think they can do it without programming. Yes, you can, but it is very tough to understand vulnerabilities, how they work and how you can find your own. For example, XSS is all about JavaScript: without JavaScript knowledge you cannot create your own payload, you can only use payloads already created by others.

The more languages you learn, the more it will benefit you:
Learn at least one scripting language – Python or Ruby (Python is a must)
Learn web application related languages – PHP, Python, JavaScript
Learn about different frameworks – Ruby on Rails, Django, Laravel, etc.
Some other languages for mobile and other tech – Java, HTML, CSS, Kotlin, C++, XML
Some technologies – Cookies, Ajax

These are some recommended languages; it just depends on you. PHP, Python, XML and HTML+CSS+JavaScript are also good enough, but the more you learn the better, and it is always helpful.


There are lots of different vulnerabilities you should understand very well, whether related to mobile or web applications, because that is the main thing you have to do: find the vulnerability. For example XSS, SQLi, RCE, etc.

Once you start learning about vulnerabilities, it is good to practise them on local systems like DVWA or other deliberately vulnerable web applications (installed on your own computer for practice), or you can start with CTF challenges.

Server, Database, Linux and Networking

As you might already know, everything works with the help of networks and servers. You should have at least some knowledge about all these things: how databases work with SQL (MySQL, MSSQL, Oracle, etc.), how networking and protocols work (IP addresses, DNS, the HTTP protocol, SMTP, etc.), some knowledge about the server side, and familiarity with how to use Linux.

Once you have the knowledge, it is important to keep practising, both in the real world and with CTFs.

Where to Learn

Below I am including some links where you can learn these topics, both paid and free.


Programming Knowledge 

Free code camp



Bug bounty source

If you are learning about bug bounty, it is good to have a Twitter account, follow some great people and read POCs from other bug bounty hunters to see how they found a specific bug. For bug bounty, there are 2-4 books which are recommended by everyone; you must read them:


The Web Application Hacker's Handbook, 2nd edition

Web Hacking 101

Hands-On Bug Hunting for Penetration Testers



Now this is something different: lots of people right now are recommending PentesterLab. It teaches you web application attacks and some Android. You can check their reviews; as of now I have talked with some people who are learning from PentesterLab and with some bug bounty hunters, and they said PentesterLab is a good option.

It is a paid programme for web application security. They have a Black Friday offer until 2 December 2019, only a few hours left as of writing this blog. It starts at $19.99 per month and $199.99 per year (without the offer), or $146.52 per year with the current discount. They have a 15-day money-back guarantee; you can check out PentesterLab from here.

Bug bounty guide from Stok (must watch)

Some great Bug bounty hunters you should follow

Stok Fredrik


Ben Sadeghipour (live bug bounty on Twitch and YouTube)

Harsh Jaiswal




There are some other great people too; you can find them yourself. They post some good stuff for bug bounty.

HackerOne free training

Bugcrowd free training

HackerOne CTF challenges

Vulnhub CTF challenges

Hack The Box CTF challenges

Free web security training from Burp Suite

Telegram group for your discussion: you can join our Telegram channel for free ebooks and other updates. You can follow us on Twitter and Instagram.

