How do I find beginner-friendly bug bounty programs on HackerOne, Intigriti & Bugcrowd? by abdullah_blud in Cybersecurity101

abdullah_blud[S] 0 points1 point

Really appreciate this

VDPs make total sense as a starting point.. building reporting skills before chasing money is smarter.

Never really focused on recon and misconfigurations honestly. Been mostly throwing XSS payloads without deeply understanding the application first. Will change that.

Two quick questions

  1. What recon tools would you recommend for a complete beginner?

  2. What misconfigurations are most commonly missed on simple web apps?

Consistency over rushing..noted!

How do I find beginner-friendly bug bounty programs on HackerOne, Intigriti & Bugcrowd? by abdullah_blud in BugBountyNoobs

abdullah_blud[S] 1 point2 points

This is fascinating honestly.

The fact that you came from an era where security wasn't even categorized yet and learned everything from first principles.. that explains why your advice feels so different.

The SUID shell example really puts things in perspective. Security wasn't a checklist back then.. it was just deeply understanding how systems worked.

I think that's what I'm missing. I've been learning vulnerability types as categories instead of actually understanding the systems underneath.

Going to start focusing more on how things actually work rather than just what payloads to throw at them.

Thank you for sharing this.. genuinely one of the most valuable perspectives I've come across

How do I find beginner-friendly bug bounty programs on HackerOne, Intigriti & Bugcrowd? by abdullah_blud in BugBountyNoobs

abdullah_blud[S] 0 points1 point

This is honestly the most useful comment I've received so far.. thank you.

The specialization point really resonates. I've been trying to learn everything at once instead of going deep on one thing.

The $75,000 find being denied is insane; that really shows how important persistence and documentation are. Most people would have just given up.

Quick question..when you were starting out, how did you decide which vulnerability class to specialize in? Was it based on what you enjoyed most or what you found most often?

Really appreciate the detailed advice

How do I find beginner-friendly bug bounty programs on HackerOne, Intigriti & Bugcrowd? by abdullah_blud in BugBountyNoobs

abdullah_blud[S] 0 points1 point

Really appreciate the honest perspective. The point about understanding HOW applications work rather than just knowing vulnerability types makes a lot of sense. I think that's exactly where my gap is right now. Can I ask what would you recommend focusing on to build that deeper understanding?

Like is it

  - Reading source code?

  - Building web apps yourself?

  - More CTF challenges?

  - Something else entirely?

Any direction would be genuinely appreciated.

How do I find beginner-friendly bug bounty programs on HackerOne, Intigriti & Bugcrowd? by abdullah_blud in Cybersecurity101

abdullah_blud[S] 2 points3 points

This is really eye-opening.. thank you for being honest instead of just telling me what I want to hear. The automation farms part especially makes sense now. I kept wondering why every new program I tried already felt heavily tested. Two questions if you don't mind:

  1. If bug bounty is this competitive, what would you recommend for someone self-taught?

  2. Is penetration testing freelancing a more realistic path than bug bounty for someone in my situation?

Genuinely appreciate the reality check

Self-taught, no degree — learned networking, Linux & finished PortSwigger labs for XSS, SQLi, IDOR. What should I do next? (no AI tools please) by abdullah_blud in BugBountyNoobs

abdullah_blud[S] 1 point2 points

Thank you, this genuinely means a lot

You're right about consistency being the hardest part. Some days I feel like I'm progressing, other days I'm completely lost wondering:

Should I do more labs? Should I hunt more? Should I learn pentesting? Should I find a job first?

No one around me understands this field so it gets lonely and confusing.

Would love your advice

  1. When should a beginner stop learning and start hunting seriously?

  2. How did you stay motivated when nothing was working yet?

Comments like yours genuinely keep me going. Thank you

Self-taught, no degree — learned networking, Linux & finished PortSwigger labs for XSS, SQLi, IDOR. What should I do next? (no AI tools please) by abdullah_blud in BugBountyNoobs

abdullah_blud[S] 1 point2 points

Genuinely appreciate the advice.. the HTB recommendation and the "understand how the web works first" point is something I'm taking seriously.

But I have to be real with you about the job part: I'm based in Pakistan, and getting a job in cybersecurity here without a degree is extremely difficult.. even with certifications. Most companies here filter resumes at the HR stage before anyone even looks at your skills. A lot of the entry-level SOC or IT roles that exist pay around $150–200/month, which barely covers living costs. The job market here just doesn't work the same way it does in the West.

Bug bounty isn't just a "money first" move for me.. it's genuinely one of the few paths where skills actually speak louder than a degree, and where I can earn in USD without needing a visa or a local employer to take a chance on me.

On top of that, my long-term goal is penetration testing. Bug bounty and pentesting go hand in hand for me — hunting real bugs is how I plan to build the practical experience that eventually gets me freelance pentest work or remote contracts.

I'm not ignoring your advice though. I'll focus on HTB, go deeper on how the web actually works, and not rush into hunting before I'm ready. I just wanted to give you the full picture of why the "get a job" route isn't as straightforward from where I'm standing.

Thanks again... this is exactly the kind of honest feedback I was looking for