Bug Bounty Program | Bug Bounty Hunting
First, let us understand what a bug bounty is.
What is a bug bounty?
A bug bounty is a monetary reward given by organizations to independent ethical hackers (bug hunters) for successfully finding and reporting vulnerabilities within their systems.
Usually these bug hunting programs are organized by independent third parties (e.g. Bugcrowd, HackerOne, Intigriti).
There are two types of bug bounty programs: public and private. Any hacker can participate in public programs, but private programs are invitation-only.
Why do many organizations use bug bounty programs to find vulnerabilities in their systems?
- Hackers on bug bounty platforms are highly skilled and competitive, and can help companies uncover vulnerabilities and fix them.
- It benefits the company’s reputation and indicates to regulators that they have a standard security protocol.
Why do hackers and security researchers participate in bug bounty programs?
- It provides good cash rewards and recognition.
- Legally hacking and breaking into big organizations can be fun!
Pros & Cons of Bug Bounty Programs
Pros:
1. You get rewarded for hacking 😉 legally, and if you find a severe vulnerability then 🤑🤑🤑🤑
2. Exposure and the opportunity to explore more in the field.
3. Good for your resume.
Cons:
1. There is no timeframe for when you will find bugs, and there is a lot of competition, so you may find duplicates.
2. It gets exhausting because you are continually trying to find bugs.
3. Sometimes you get demotivated (you shouldn’t; always keep a positive approach and believe in your process).
That said, most experts recommend that you should not do bug hunting full-time.
Where to start bug bounty?
You can’t just go to anyone’s website and start hunting; that is not the right method for bug bounty.
There are independent third-party companies that organize bug hunting.