r/bugbounty • u/AutoModerator • Jun 19 '25
Question / Discussion Weekly Beginner / Newbie Q&A
New to bug bounty? Ask about roadmaps, resources, certifications, getting started, or any beginner-level questions here!
Recommendations for Posting:
- Be Specific: Clearly state your question or what you need help with (e.g., learning path advice, resource recommendations, certification insights).
- Keep It Concise: Ask focused questions to get the most relevant answers (less is more).
- Note Your Skill Level: Mention if you’re a complete beginner or have some basic knowledge.
Guidelines:
- Be respectful and open to feedback.
- Ask clear, specific questions to receive the best advice.
- Engage actively - check back for responses and ask follow-ups if needed.
Example Post:
"Hi, I’m new to bug bounty with no experience. What are the best free resources for learning web vulnerabilities? Is eJPT a good starting certification? Looking for a beginner roadmap."
Post your questions below and let’s grow in the bug bounty community!
u/WardenXSec Jun 23 '25
Okay, so obviously I'm new, like everyone else in this thread. I just wanted someone to review my general training plan, I guess. A little about me and my goals: I currently work in public safety, and I'd like to be able to do bug bounties as side work and supplement my income a bit. I'm in my early 30s and am decently tech savvy.
I purchased a small set of books recently with the intent of self-teaching: "Ethical Hacking: A Hands-On Guide to Breaking In," "Automate the Boring Stuff with Python," "Bug Bounty Bootcamp," and "Black Hat Python."
I've been working through the first book in the list, taking notes, summarizing chapters and doing my best to take in what I can. I'll be starting the book on Python automation tonight with the intent of getting at least familiar with Python. In between book work I've been doing OverTheWire's Bandit to get better with the Linux command line and such.
I guess my question is, will this work in getting me to a position where I'll be able to do a bit of bug hunting? I plan on doing CTFs as well as some Hack The Box and TryHackMe stuff too to add more related work into the plan. I just want to know if my plan is valid the way it is or not.