Published on 29th November, 2024

Get Started with Bug Bounty Programs

Where to hack: Social Websites

Because of how large they tend to be, there is a huge possibility for bugs to exists. They are not only huge but complex as they have to handle thousands of interactions between entities of the platform.

Easily found web vulnerabilities includes, IDOR (Insecure direct object references), data leaks, accounts takeover. Without input validation, you can catch XSS(Cross side scripting), SQL Injection.

Vickie suggest starting with Social Sites as a beginner. Why? 1. A Large attack surface(All the parts of the app that you an hack. The program usually designates part of their product that bounty hackers are allowed to hack also called in scope. There parts not allowed are called out of scope and it is illegal to hack out of scope areas). 2. A large surface area means a wide variety of bugs to discover. 3. And 2 means that there is a great opportunity to learn a lot of web vulnerabilities quickly.

Tools

You will need to learn how to use a proxy like Burp Proxy

Common web vulnerabilities like what was mentioned above already, Javascript, and some web development knowledge

CONS: Higher competition as everyone is looking for same vulns(vulnerabilities) on them

Where to hack: General Web Applications

Sites that offer user - server interactions. Not user - user as in social website above. Doesn't offer a large surface area compared to social websites, means you have to be looking at attacking the platforms stack so you need to understand server side vulns, use a proxy and have web dev and programming know how

Where to hack: Mobile Applications

Good enough a hacker? how about specialise? here you go. Requires skills learnt from Web hacking and new skills like certificate pinning by pass, mobile reverse engineering, cryptography

Tools

Dedicated mobile device, one with root access, simulators

Where to hack: Application Programming Interfaces(APIs)

Check common API vulns like data leaks and injection flaws

Where to hack: Source Code Executables

Programming + Debugging Skills, web vulns, tools, reverse engineering, cryptography, code analysis, software dev skills. Harder to do means less hackers sniffing for bugs, relatively.

Where to hack: Hardware/IOT

Hacking Cars, Smart TV, Thermostats etc

Common IOT vulns, web vulns, hardware vulns, cryptography, reverse engineering, programming + debugging, wireless networks