Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
The easiest way to fail as a bug bounty hunter is to search at random without a methodology or process to follow. Here’s what to consider.
It is really easy to jump straight in and wildly throw payloads at a system when you first approach a target. Admittedly, it can feel great for the first hour or so but after that, you can start to become bored and frustrated if you don’t find anything. And without a structured bug bounty hunting process, you probably won’t find anything new.
It is important to develop and follow your own testing process in order to test thoroughly and professionally. When you first start out, your process will be weak and immature, but you’ll develop and improve upon it the more bug bounty hunting you do. If you do this consciously, you’ll have greater results.
Choose Your Approach
The high-level approach you’ll take to bug bounty hunting is entirely up to you. Some people have excellent success by picking out a few specific vulnerabilities and testing them against everything in scope for every company running a bug bounty program. In the video below, Mike Baker discusses his approach using automation to test thousands of servers for a handful of known vulnerabilities and making a lot of money doing it.
Others like to focus on a single company at a time, learning everything they can about how they operate, how they write code, what technologies they use, who works for them and how they think about solving problems, which mistakes they keep making, etc. They might even focus on a single application within that company for a long period of time, especially if that product is constantly evolving.
The balance for you may lie somewhere in between. Just because others have success working one way doesn’t mean you will too. Experiment to see what works best for you, then stick with your chosen approach.
Minimum Time on a Target
Just like most things in life, starting down the path of a new bug bounty target has a setup cost. This cost can be measured in the number of hours you need to spend learning their environment before you can become operationally effective. Determine what your own setup cost is for a…