Getting Started – Bug Bounty Hunter Methodology

This is the first post in our new series: “Bug Bounty Hunter Methodology”. Over the coming weeks, we will share information and resources that will help any aspiring security researcher or bug bounty hunter get their start. If you have any feedback, please tweet us at @Bugcrowd.


At Bugcrowd we work with companies to create crowdsourced security tests that will make them more secure, all done through working with our community of security researchers. We do this primarily through public & private bug bounty programs, or through responsible disclosure programs. Our bounty programs reward & recognize researchers for being the first person to find a valid security vulnerability. Successful researchers will gain reputation on the Bugcrowd platform through kudos points, with many programs rewarding cash bounties.

In this post we will link to several resources that will be of use to all researchers, whether you’re just getting started or you’d like to add new skills to your arsenal.

Special note for those of us that have just started to learn about hacking:

It’s very important to focus on an area of hacking that is interesting & exciting to you. Focus on that one area and pick up new things as you go, but don’t try to be the “ultimate hacker” and learn everything at once. The greatest hackers on Bugcrowd have specialities and areas of interest, but they don’t know how to hack everything. Start small and build up to something big!

Hacking is a lifelong journey of learning.


In this first version of the Bug Hunter Methodology (v1) we will focus on web application testing, as this is the most common testing target for bounties.

Our Must-Read resources:

Our two must-read resources linked below are our minimum recommendations for those who wish to become bug bounty hunters. These two resources will be helpful reference material as you go through the Bug Hunter Methodology.

The Web Application Hacker’s Handbook

This is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.

OWASP Testing Guide v4


Practical resources:

OWASP WebGoat – Nothing beats getting hands-on experience finding bugs. Use WebGoat to practice finding real vulnerabilities in a web application.


For further reading about web hacking and penetration testing:

Penetration Testing: A Hands on Introduction to Hacking

The Hacker Playbook 2: Practical Guide to Penetration Testing

The Tangled Web: A Guide to Securing Web Applications

Penetration Testing Execution Standard

Web Hacking 101 


For Mobile hacking:

The Mobile Application Hacker’s Handbook

iOS Application Security

Bugcrowd’s Mobile Security Resource Kit

For IoT Hacking:

OWASP IoT testing guide

OWASP IoT Testing handout

Additional Resources: JackkTutorials videos on YouTube

Testing Handout: Web Application Hacker’s Handout



Tools of the Trade

There is no shortage of tools that a researcher can use to help make their hacking life easier. Luckily many of these tools are available for free, contributed to the security community by open source communities or fellow researchers.

To get started, we suggest familiarizing yourself with the following:

Burp Suite – one of the most popular tools in the industry, a platform for web app hacking. Available for $349 a year.

OWASP ZAP – a popular free security tool that can be used as an alternative to Burp Suite. Open source and highly extensible.

Kali Linux – a hacker’s operating system that can easily be run inside a virtual machine on your Mac or PC. This OS comes with many hacking tools pre-installed.

As we said earlier, there are many other tools that can be used for a variety of specific functions. We suggest checking out our Researcher Resources – Tools thread on the Bugcrowd forum for a more complete list.



Senior Community Manager at Bugcrowd. Sam's passionate about working to foster the best researcher community on the web. Prior to joining the security industry Sam worked for Couchsurfing, Electronic Arts, Playfish, and gamerDNA.