Tips to choose a bug bounty program

Martin Martinez
4 min read · Sep 16, 2022


Hi everyone! I’m back with another blog. I realized that my blogs about bug bounty had a lot of views, so this time I’m back with tips to choose a BBP!

https://nostarch.com/bug-bounty-bootcamp

I got this book last week and I’m impressed by how much it has helped me! It is very helpful for beginners like me, so go ahead and buy it right now!

Let’s start!

Everyone knows how difficult it is for a beginner to choose a bug bounty program, right? On the platforms alone we have a lot of programs to choose from!

This is just an example from HackerOne

So what should we look at when choosing a program? I like to check these:

  1. Program scope
  2. Public program or private programs?
  3. Vulnerability Disclosure Program or Bug Bounty Program?
  4. Response time

Now it’s time to be honest: as beginners like me, we have few chances to find something, right? So let’s turn that into a pro!

Public VS private programs

Public programs are open to anyone who wants to search for bugs, so it is much harder for beginners to find something.

But on the other hand, private programs are much less competitive and we have more chances to find something, BUT we must be invited to them!

The best way to get invitations is to participate in programs with no reward in order to increase your reputation, or to earn points in a CTF like this one:

Program Scope

This is also very important because the more assets we have available to test, the higher our chances of finding something.

If you have enough skills to test an iOS app, go and try it!

VDP vs BBP

A Vulnerability Disclosure Program (VDP) is a type of program that usually does not give a monetary reward; in many cases they send gifts or give you points to improve your reputation (and thus get private invitations), and usually not so many people participate since there is no pay.

But this is a great place for beginners!

Bug Bounty Programs (BBP) are programs that generally do pay a reward, and the amount is higher the greater the severity of the vulnerability.

This is an example from TikTok BBP

Usually there are a lot of people trying to find something, so for us as beginners it will be more difficult to find anything!

Response Time

This is one of the most important parts of choosing a program, because if you find something you can learn a lot from the company’s security team: you will learn how to write better reports and you will gain a lot of experience. So it is very important to choose a program with a FAST response time.

Now with this in mind you can look for programs and try to pick the best one for you! I like to create a table like this to choose the best program for me and my skill level:

With all these things in mind you can start looking for your new program, and that’s it guys! I hope this helps you a lot, and please don’t forget to follow me! Say thanks to Vickie Li for the great book!
