Intro
It is very important that you get to know the application you are testing very thoroughly. This matters so much because the impact of your bugs is often going to depend on the core business of your target. If your target is a bank, of course they care about issues regarding loans, but if we are talking about a shoe seller, you are going to need to focus on the sales process or the item returns.
I put a lot of emphasis on impact because I want you to ignore the low-hanging fruit unless you come upon it by accident. This low-hanging fruit does not actually exist. If it did, any scanner would have picked it up by now. Focus on impact and the bugs will follow; that is a promise.
What bug bounty platform do I pick?
You have several options here. You can either go with one of the major platforms or try your hand at some Google dorking to find a good bug bounty program to fit your needs.
- Intigriti
- HackerOne
- Bugcrowd
- Synack (You need to apply)
- YesWeHack
- Google dorking: