Showing posts from November, 2023

Beginner Tutorial - How to Learn the Technical Skill and Hacker Mindset That Are Required to Find Your First Bug Bounty.

In 2023, there are so many bug bounty resources for beginners, many more than before. I believe this is a bad thing for beginners, because now they have to deal with so many unnecessary distractions just from choosing and sticking to a learning path. The overabundance of free resources also fuels procrastination: we usually see people jumping from one learning path to another without ever touching a real target. In this article, I will show you how much learning is enough, so you can get out of your learning rabbit holes and start hunting on a real target.

By the way, this article aims to help you find bugs in IDOR, Information Disclosure, Business Logic, and Broken Access Control. It may not help you find injection bugs or misconfiguration bugs, because I don't know how to hunt them myself.

# Technical Skill

If you can solve the Practitioner labs in PortSwigger with relative ease, you have enough technical skill to hunt bugs:

- https://portswigger.net/web-security/logic-flaw