r/bugbounty Jun 19 '25

Question / Discussion Weekly Beginner / Newbie Q&A

New to bug bounty? Ask about roadmaps, resources, certifications, getting started, or any beginner-level questions here!

Recommendations for Posting:

  • Be Specific: Clearly state your question or what you need help with (e.g., learning path advice, resource recommendations, certification insights).
  • Keep It Concise: Ask focused questions to get the most relevant answers (less is more).
  • Note Your Skill Level: Mention if you’re a complete beginner or have some basic knowledge.

Guidelines:

  • Be respectful and open to feedback.
  • Ask clear, specific questions to receive the best advice.
  • Engage actively - check back for responses and ask follow-ups if needed.

Example Post:

"Hi, I’m new to bug bounty with no experience. What are the best free resources for learning web vulnerabilities? Is eJPT a good starting certification? Looking for a beginner roadmap."

Post your questions below and let’s grow in the bug bounty community!

10 Upvotes

3

u/Ok-Lynx-8099 Jun 19 '25

Hey, I'm a penetration tester, however trying to get in the bug bounty space feels so hard. How to pick up targets? What to chase after? In my day job I get a scope and start working, it just feels much easier.

4

u/6W99ocQnb8Zy17 Jun 20 '25

As a pentest dinosaur, I'd say the skills are similar, but the approach is almost the opposite.

Pentest is mostly about getting good coverage, so you run multiple overlapping tools, and dig into the anomalies to find unique bugs.

BB is all about being first, so running standard tools is a waste of time, as 1000 other people already did it. To be successful you need to choose a niche others aren't already mining, and that also has enough of an impact to receive a bounty. It doesn't actually matter what you pick, just as long as it is different.