Bug bounty hunting is one of the most sought-after jobs for young hackers just entering the industry. Some take it on as a hobby, a way to hone their hacking skills; for others, it is a lucrative full-time career. In 2020 alone, bug bounty hunters earned a record $40 million for reporting security vulnerabilities through the bug bounty platform HackerOne.
Many new and enthusiastic hackers join the community on a daily basis, and they need good resources to help them start. There’s a ton of potentially unfamiliar terminology, topics, techniques and tools that new bug bounty hunters need to understand before they can even begin to develop a practical approach. Thankfully, the bug bounty community is known for being supportive, open to sharing knowledge and welcoming to beginners. Because of this, you’re able to find a wealth of inexpensive learning materials online.
In starting your career, one of the best ways to learn the basics of bug bounty hunting is with training programs and courses. We asked the Twitter community as well as our favorite hackers for their advice on the best of these resources, and thus this list was born. The courses and training are listed in no particular order as each can help different individuals with different base skill levels.
Once you’ve gotten a handle on the basics of bug bounty hunting and the theoretical knowledge you’ll need for it, be sure to test your skills by hacking intentionally vulnerable websites built for penetration testing and ethical hacking, and check out the best bug bounty browser extensions once you are ready to start building your toolstack.
1. BugBountyHunter
When we took our question about your favorite bug bounty hunting courses and training platforms to Twitter, the clear winner was BugBountyHunter. Created by well-known hacker and bug bounty hunter Sean, better known as zseano, BugBountyHunter is for beginners and experienced hackers alike. You’ll be able to learn skills and test them against custom-made web applications featuring vulnerabilities based on real bug bounty findings. Aiming to be the go-to for all things bug bounty, the platform offers plenty of security-related content, including guides on starting out in bug bounty hunting, explorations of the most common vulnerabilities, must-have tools, and tidbits of valuable bug bounty hunting methodology.
BugBountyHunter gives you access to zseano’s complete and highly detailed methodology for finding security vulnerabilities in web applications. In addition, membership on BBH provides a custom-made web application for testing your practical skills: BARKER, which emulates a real target, contains over 100 vulnerabilities based on real-life findings, and offers different difficulty levels.
The creator constantly updates the app with new vulnerabilities, and if you follow zseano’s methodology, you should be able to find almost all of the vulnerabilities in BARKER. To add fun to the mix, BARKER is gamified, so you’ll level up as you hone your skills and discover more vulnerabilities. Once you’ve discovered 25 unique bugs, you can join Hackevents, live hacking events where you hunt alongside pros and can even win bounties.
BBH membership also gives you access to BountyTraining, with training videos on specific topics and demos of their application. All in all, BugBountyHunter is a young platform, but a promising one that’s quickly become the community’s favorite.
2. PentesterLab
PentesterLab might not be aimed specifically at bug bounty hunting, but it’s a great, well-known platform that provides online and offline labs designed to teach web application security and penetration testing. The platform offers free exercises and a bootcamp for those just getting into web application security and pentesting, as well as a PRO subscription that is very much worth it, with access to over 200 exclusive exercises and real-life scenarios.
PentesterLab offers different badges, each containing a mixture of exercises ranging from Easy to Hard. Badges cover a wide range of web security and pentesting topics such as cross-site scripting (XSS), SQL injection, authentication and authorization, recon, deserialization and more. Each badge bundles numerous online exercises, with courses made up of written material and videos to follow.
To solve most of the online exercises, you’ll find the knowledge and resources you need right there on PentesterLab. The more challenging exercises might require some searching on Google, but the platform’s videos and material are likely enough for beginners.
The online exercises are simple and straight to the point, letting you test what you have learned, and the videos are of very high quality. The platform author is constantly updating the website and adding more badges. To get to the best resources and materials, the PRO subscription at only $20 per month is more than worth it, as its loyal user base can attest.
3. Portswigger Web Security Academy
The Web Security Academy was created by Portswigger, the very company that created Burp Suite. This free online training center is a solid resource for learning and practicing web application security and includes reading material and interactive labs written by cybersecurity experts.
Featuring a vast amount of high-quality reading material and interactive labs with three levels of difficulty, the content is continuously updated, with new topics and materials added regularly. You can track your progress and learn at your own pace, and even enjoy a bit of competition with other users via their live leaderboard.
The Web Security Academy features over 30 free labs to help you practice and gain knowledge in important categories of web vulnerabilities such as SQL injection, XSS, XML external entity (XXE) injection, insecure deserialization, information disclosure, server-side request forgery (SSRF), web cache poisoning and much more.
The lab explanations are a great starting point for learning web application security and are suitable for beginners, but also for more experienced hackers to refresh their knowledge and practice their skills as well.
4. Hacker101
Many established bug bounty hunters started their careers by learning from the videos at Hacker101. Hosted by HackerOne, one of the most popular bug bounty platforms in the world, the free web security class Hacker101 is designed for beginners starting their bug bounty hunting path.
Hacker101 also provides Capture the Flag (CTF) training, where you can hunt in vulnerable real-world scenarios to sharpen your skills even further. Once you’ve found three flags, you’ll be added to the priority list for private program invitations.
With its booming community, and the fact that there are few better places to learn the art of bug bounty hunting than from a platform that runs bug bounty programs, Hacker101 is a staple for every beginning bug bounty hunter.
5. Intigriti Hackademy
Intigriti, one of Europe’s biggest bug bounty platforms as well as one of the fastest-growing, has launched the Intigriti Hackademy, their free online learning resource for web security. A collection of free resources for beginner bug bounty hunters, Intigriti Hackademy covers all the necessary vulnerability categories with detailed explanations and real-life examples, write-ups and explanation videos.
Vulnerability types you can find on Intigriti Hackademy include clickjacking, XSS, CSRF, file inclusion, file upload, HTTP parameter pollution, IDOR, open redirect, SSRF, SQL injection and XXE.
They also offer guides and lessons on writing a good report and upping your chances of winning a bounty on Intigriti; as well as insights into the tools a bug bounty hunter needs for recon, subdomain enumeration, content discovery, subdomain takeovers, port scanning, vulnerability assessment, password crackers, proxies, and more.
Launched in 2019 and regularly updated, Intigriti Hackademy provides a great overview of all the basics a bug bounty hunter should know and is a great jumping-off point for gaining more advanced knowledge.
6. Bugcrowd University
Bugcrowd University was created in 2018 for bug bounty hunters and security professionals to sharpen their skills, explore insightful topics and gain valuable tools in the field. Growing steadily since its launch, BCU now offers a wide array of topics for every skill level, including beginners. Available material ranges from conference talks, slide decks, high-quality videos and walkthroughs to additional resources and labs.
Free and open-source, BCU was created by combining important knowledge of the most critical bugs out there with the questions newcomers ask most frequently. This means it offers a good mix of beginner, intermediate and expert content, even going so far as to feature resources for organizations wanting to host their own bug bounty programs.
Beginner resources include videos and slides on the most common vulnerabilities and topics such as recon, XSS, an introduction to Burp Suite, SSRF, how to write a good submission for your bug, and more. Talks and videos on non-technical topics are also available, focusing on other aspects of hacking and bug bounty hunting. These include the community itself, hardware hacking, car hacking, and a Q&A with Bugcrowd’s founder Casey Ellis.
As a true collection of all things bug bounty hunting, BCU is a valuable resource to have bookmarked, one that offers a unique look into the world of ethical hacking.
7. Intro to Bug Bounty Hunting and Web Application Hacking
This new introductory course comes from none other than Ben Sadeghipour, well known as NahamSec, a respected hacker loved by many for his educational bug bounty content. Intro to Bug Bounty Hunting and Web Application Hacking is available on Udemy and will help you dive into practical bug bounty hunting. Being truly introductory, it covers many of the fundamental topics and is easy to follow, explaining how to start bug hunting with as little as zero prior knowledge.
Released only a few months ago, the course currently features an overview of more than 10 vulnerability types, including XSS, cross-site request forgery (CSRF), SQL injection, insecure direct object references (IDOR), SSRF and XXE, with hands-on labs for each of them. Also available is a practical lab that lets you test your new skills by attacking a fake target, an introduction to recon, a look at the most popular bug bounty programs, insights into choosing a program, lessons on writing a report, and valuable instruction on getting your invitation to a private bug bounty program.
Ben has already announced that there will be more updates to the course and that we can expect more intermediate topics. We can’t wait to see how this course will progress!
8. TryHackMe
TryHackMe is an online platform that isn’t focused only on hacking and bug bounty hunting, but on cybersecurity in general. All content on TryHackMe is offered in the form of short, gamified real-world labs, organized into modules composed of what they call “bite-sized rooms”. Since the platform covers such a wide array of cybersecurity topics, you can even find rooms that handle true beginner topics like Linux and networking, but here we’re focusing on the Web Hacking Fundamentals module and a few others.
In Web Hacking Fundamentals you’ll learn how websites work and how to exploit them, how to use the must-have Burp Suite, and all about the OWASP Top 10 web application vulnerabilities, finishing with a CTF (note that the module requires some prior knowledge).
Beyond that particular module, the “Web” category of rooms offers resources on Google dorking, SQL injection, various CTFs, XSS, how to conduct OSINT as part of efficient recon, and how to use many tools every bug bounty hunter should have in their arsenal. There is also NahamStore, which was created to test the skills you learned in NahamSec’s Udemy course. With gamification at its core, TryHackMe is a fun platform for hackers of all skill levels. We’re sure you’ll find something that will help you learn new techniques and sharpen ones you’ve already acquired.
9. Bug Bounty Hunting - Offensive Approach to Hunt Bugs
Another popular bug bounty course that was previously available on Udemy, Bug Bounty Hunting - Offensive Approach to Hunt Bugs was created by Vikash Chaudhary. It can now be found in HackersEra University, the app from his company HackersEra, and parts of it are available on their YouTube channel. More than 10,000 students have taken the course, which has helped many without hands-on bug bounty hunting experience acquire the foundational knowledge they needed to start their careers.
Often cited as one of the best courses out there, it covers basic terminology, information gathering, how to use Burp Suite, and of course common OWASP Top 10 vulnerabilities and related issues such as XSS, URL redirection, parameter tampering, HTML injection, SSRF, subdomain takeovers and file upload.
The course also covers other important aspects of bug bounty hunting— including how bug bounty platforms, rewards and the hall of fame work, essentially preparing you to step into the shiny world of bug hunting. While it may have been more convenient when available on Udemy, Vikash’s course deserves to be here—hardly any list of the best bug bounty hunting training courses available exists without mention of it.
10. Website Hacking/Penetration Testing & Bug Bounty Hunting
If you’re looking for a course that’s as beginner-friendly as they get, look no further. Website Hacking/Penetration Testing & Bug Bounty Hunting is a Udemy course by Zaid Sabih offered without prerequisites; no Linux, programming or hacking knowledge is needed. Popular with developers as well as those just dipping their toes into website hacking, this course has already been completed by over 70,000 students. And while finishing the course doesn’t necessarily mean you’ll win bounties straight away, you’ll walk out with solid, foundational hacking knowledge thanks to just the right combination of theoretical and practical lectures.
You’ll start by learning how to set up a pentesting lab, then learn how websites work and the technologies they use. After that you’ll dive into website hacking, information gathering, discovering different vulnerability categories and learning how to fix them. With more than 90 videos, this course covers the common vulnerabilities found in bug bounty programs and the OWASP Top 10, such as code execution, SQL injection, XSS, brute forcing, and the like.
This bug bounty course offers a solid foundation and covers the basic aspects of web application pen testing. While some of the techniques it teaches can appear somewhat outdated, this is a well-structured course for absolute beginners that will help you gain the minimum knowledge needed to ease into your bug bounty hunting career.
Take your bug bounty hunting skills to the next level
Once you’ve gained enough knowledge and skills to try your luck on bug bounty programs, get a competitive advantage with powerful data resources. With our Bug Bounty Hunter’s Toolkit you can expect to get access to our cybersecurity API, resources for subdomain enumeration, associated domains, DNS and WHOIS historical data, and much more.
The Bug Bounty Hunter’s Toolkit is available exclusively to bug bounty hunters so you can improve your recon and cross-relate domain data for bug bounty hunting.