Road To Bounty: #1 Intro

Starting point

I am a full-stack developer with a few years of experience in web development. I started development with HTML/CSS/JS in 2011/2012, by following courses on LeSiteDuZero. I have a master’s degree in computer science and have been working as a full-stack developer since 2021.

I have been interested in security for a long time, but I have never really done anything about it. I have read a lot of articles, watched a lot of videos, and even taken a few courses, but I have never really put my knowledge to the test in the real world.

I started web security with root-me.org in 2016, which is a great platform to learn the basics of web security. I also watch IppSec’s videos on YouTube, which are very informative and entertaining. More recently, I started the course “Web Security Academy” by PortSwigger, which is a great course to learn about web security.

I also discovered the bug bounty scene in 2018 and have been interested in it ever since. I have done the CTF challenge on YesWeHack, which allowed me to receive a few invitations to private programs (24).

So I already know a few things and have exploited some basic vulnerabilities like XSS, CSRF, SQLi or IDOR.

Goal

I want to start bug bounty hunting to improve my skills in web security and to make some money on my personal time.

I would like to start hunting and find my first bug before the end of the year, which gives me 6 months.

Initial plan

  • Finish the course “Web Security Academy” by PortSwigger
  • Pick a target
  • Start hunting only on the picked target

I will try to allocate at least 2 hours per week to bug bounty hunting, and write a blog post every month to keep track of my progress.
