Information Security
Eugene Dyakonov, 2016-02-16 13:41:58

Is it possible now to live off bughunting?

Hello. Are there experienced bughunters here?
Is it possible to live doing only bughunting?
This question is very interesting. How and why did you decide to do this?
1) What is required to search for web application vulnerabilities?
2) What tools do you use?
3) Where do you start looking for vulnerabilities?
4) Do you use Kali and its software, or maybe something else?
Can you recommend some literature to read?
I accidentally found the site hackerone.com. Are there any other similar resources?


6 answer(s)
Vladimir Martyanov, 2016-02-16
@Sheriff_Light

Learn JS, PHP, HTML, Python and everything that applications are built on. Learn the HTTP protocol, Wireshark. Then you can start.
Forget about Kali as something unique: there is nothing in it that cannot be installed on another distribution or even another platform, because it is open source.

Sanes, 2016-02-16
@Sanes

Get a job as a tester and live off bughunting.

nirvimel, 2016-02-16
@nirvimel

Even major experts in this field do not live on rewards for found vulnerabilities, but have some basic job (in the same field, but on a salary). No matter how great the rewards are, finding a bug is essentially just luck that cannot be relied upon.
PS: It is unlikely that experienced bughunters who have received rewards more than once are sitting on the Toaster.

Vladimir Dubrovin, 2016-02-16
@z3apa3a

Here is an interview with a researcher for whom bug hunting is the main source of income.
https://habrahabr.ru/company/mailru/blog/276451/

redakoc, 2016-02-16
@redakoc

Yes.
Specialists everywhere are unskilled now. Anything a little non-standard, and they immediately hit a dead end.
They do not want to pay a qualified person for the entire project.
Under these conditions, a specialist for a separate bug is very, very much in demand.
I was looking for a bug in the Hindu code. The mistake was a most trivial one.
I refused to search for another error: not my qualification.
After a while, I look, and that customer is looking for a specialist to find that very mistake and wants to give him 3000 bucks.
Um. I wish I hadn't given up...

globuser, 2016-02-17
@globuzer

It is hardly possible to live comfortably and well by looking for errors and vulnerabilities. But working in this area (testing, debugging), presenting yourself as a specialist who understands the innards of applications, code, and information protection, is already a wider field, and there you can in fact earn normally. Bughunting will be just a pleasant hobby that, in case of good luck, brings additional income.
