These days, Bug bounty Hunters are trending within the IT security ecosystem, but very few articles deal with the DNA of a Bug Bounty Hunter.

At Bountyfactory.io, we consider Bug Hunters have to respect and fit legal frameworks and norms.

AS a bug hunter please find below the goals you should be driven by :

  • Keep on having Fun
  • Make the Internet more secure for your beloved and in extenso for all end users. Regarding the rise of two main concepts “Privacy by design” and “Security by design” your role is far more important than ever.  By instinct, you are strongly devoted in protecting people from crooks and all sorts of criminal mercenaries.
  • Share and improve your knowledge and skills. Get wisdom and empowerment.
  • The more, the merrier : Open and strengthen your circle of acquaintances and friends.
  • Get rewards especially cash (not only t-shirts and miles for instance).
  • Forge your reputation, fame and defend your ranking like  a professional Tennis player. Eventually be hunted by recruiters for a well-paid and interesting position in the best IT security company you had been dreaming of. Check Bounty Factory’s ranking page.

Here are the means you should deploy to pursue your goals :

  • Keep learning languages you are supposed to work with.
  • Spot and exploit what the main weakness of each language is .
  • Trust your knowledge : Use your existing skills, especially as a programmer, to spot and find vulnerabilities.
  • Focus on concise reporting : once you found one vulnerability your duty as a hunter is to provide a clear and relevant report so that one could reproduce it properly.
  • Explore new dimensions : After you’ve learnt how to deal with basic vulnerabilities  (eg. IDOR, CSRF) you should move a step forward and look into XSS ones.
  • Reverse Engineering you should cherish and practice.