Why can’t Bug Bounty Hunter find a bug?
Hi everyone, I saw many peoples who tried to find the bug in different website. But after 3 days they start to demotivated because they can’t find any bug.
So Here I am going to teach you how you can select your target & which Approach you need to follow for find the vulnerability. The First thing you need to know about web application Vulnerabilities Because if you don’t know how many vulnerabilities have existed in web application you can’t find any vulnerability. The next thing you need to know about pen testing framework & the last thing is pen testing checklist. So, let’s go:
Web Application Vulnerabilities
I understand that there are several YouTube channels and websites that teach bug hunting techniques. However, many of them primarily focus on reconnaissance and information gathering about the target, rather than providing comprehensive guidance on how to actually find and exploit bugs. For example,
1. They were told you about subdomain finding.
2. Directory Finding.
3. Automation tool for find the bug.
4. Online Platform use for information GathringEvery bug bounty hunter who has recently started faces challenges in finding bugs on websites. This is often due to the fact that many YouTube channels and websites primarily focus on information gathering and reconnaissance, rather than providing in-depth coverage of exploitation techniques.
First, it’s essential to understand vulnerabilities thoroughly. You can start by following the OWASP Top 10 and the SANS 25 vulnerabilities, but make sure you gain a deep understanding of each one. If you’re unsure how to exploit a particular vulnerability, reading write-ups and bug bounty reports can provide valuable insights. you can also read owasp guide 4.0.
pen testing framework
Penetration testing frameworks provide structured guidelines to help secure websites and applications by identifying vulnerabilities and recommending mitigations.
These guidelines follow the Structured Approach, Consistency, Compliance & mitigation Strategies to secure a data. Here are these important guidelines which you need to follow during pentesting.
1. PTES (Penetration Testing Execution Standard)
2. NIST SP 800-53
3. OSSTMM (Open Source Security Testing Methodology Manual)
4. ISSA (Information Systems Security Association)pen testing checklist
When you start bug bounty hunting, you may not know which steps to follow. That’s why many hackers (penetration testers) use checklists to keep track of the tasks they have completed. These checklists give a organize way to find the vulnerability.
Through these checklists you can check everything on the website. Here is the list of checklist.
1. WSTG 4.2
2. ASVS 4.0.3
