Welcome and thanks for your interest in joining our researcher community! Here is a quick checklist to help you get started:
1. Create a Bugcrowd Researcher account
Before you can report bugs and be rewarded for your findings, you need to create a Bugcrowd account. Your Bugcrowd account also comes with a profile which can be made public (or private), enabling you to show-off your skills and accomplishments to security peers and industry professionals.
2. Pick a bug bounty (or several!)
Bugcrowd has many public Bug Bounties that you can hack on and find security vulnerabilities in, with many of them paying out cash as rewards. Each bounty page has all of the details you need to start testing, including a list of targets, finding types that are in-scope and out of scope (or excluded) from the bounty, and many programs will list the pay rewards that they pay out.
3. Begin testing
If you’re new to bug bounties you may be interested in reading some guides and articles from our researcher community. If you have any questions or need help, join the Bugcrowd Forum and post your question.
4. Report a Bug
Once you’ve found a security vulnerability in a bounty program, click the “Report Bug” button on the bounty program page.
After you’ve reported a bug you will receive a response from Bugcrowd or the customer that is managing the bounty program. If you don’t receive a response within several days, please email us at firstname.lastname@example.org and we will help you out.
5. Fill out your profile
Make sure to fill out your profile information to tell the community a bit more about yourself. Many people use this page to show off their skills, as well as link to their personal websites & twitter accounts.
6. Say hello
The Bugcrowd community team is here to make sure your bounty hunting experience is an awesome one. Whether you need help, have ideas or just want to say hello, we’ll get back to you as soon as we can.