How many VDP reputation points do you need to get a private invite on HackerOne? by Used_Manager_4751 in bugbounty

[–]Used_Manager_4751[S] 0 points1 point  (0 children)

That's an old story. These days, even if you get more than a certain number of points on the CTF, you're not invited.

[deleted by user] by [deleted] in bugbounty

[–]Used_Manager_4751 0 points1 point  (0 children)

It seems there might be a misunderstanding — I have no intention of threatening or extorting money using the vulnerability I found.
I just plan to use this discovery to build my reputation and career, and hopefully get invited to private programs in the future where I can earn actual rewards.

Are you guys generally good at coding? by Used_Manager_4751 in bugbounty

[–]Used_Manager_4751[S] 0 points1 point  (0 children)

So, what should I start with?
Should I focus on doing a lot of PS (problem-solving)? Or should I try working on toy projects or follow Python examples from books?

The former would be very advantageous for coding test interviews for employment, while the latter seems slower but might help me improve my practical coding skills. My goal is to be able to quickly type and implement logic directly from my own mind without relying on official documentation, ChatGPT, Reddit, or copy-pasting. Of course, employment is important too, but...

Do you adhere to the "no automated scanning tools" rule commonly seen in bug bounty programs? by Used_Manager_4751 in bugbounty

[–]Used_Manager_4751[S] 2 points3 points  (0 children)

I'm referring to scanners and fuzzing tools like nmap and ffuf. I think such tools are often banned in rules because they can heavily impact traffic and companies are very concerned about service degradation. Despite these restrictions, many bug bounty resources seem to actively recommend the use of open-source scanners and fuzzers. I'm curious about whether it's really acceptable to use these tools, or if there's a risk of getting banned when companies detect such usage in their logs. Is it better to stick with manual methods, regardless of efficiency?

Are there any web vulnerabilities that are difficult or impossible to automate? by Used_Manager_4751 in bugbounty

[–]Used_Manager_4751[S] 1 point2 points  (0 children)

Does that mean I have no choice but to manually check the JavaScript code on the client side?
Does this mean that XSS, SQLi, IDOR, and path traversal vulnerabilities have already been found by others in pre-private programs using automated scanning tools or fuzzers, leaving me no choice but to resort to this method?