
Saturday, October 5, 2013

A guide to becoming a white hat hacker: reporting vulnerabilities and earning money or a hall of fame listing


Well, becoming a white hat hacker is easy. Finding vulnerabilities and reporting them properly is the harder part.

Yes, there are plenty of tools and scanners that will scan a particular website and list its vulnerabilities for you.

But I always tell my friends (beginners in hacking) never to depend on tools such as Havij or Hacker Box for hacking. Do everything manually! Doing it manually will make you tougher!!

I myself use some tools, on those rare occasions when I have no time to do it manually. :P
Nowadays, when I see my friends reporting bugs and getting rewards, bounties, acknowledgements etc., I too like to report bugs and be in a hall of fame. :P

Before getting into BUG BOUNTY, let's look at the ways in which vulnerability disclosure is done.

We generally have two ways of disclosing vulnerabilities:

  • Full Disclosure
  • Responsible Disclosure
Full Disclosure is when a person publishes the details of a vulnerability they discovered, on their blog or some other public medium, most of the time without first informing the company in which it was found. This lets other attackers around the world exploit the vulnerability before it is fixed. It can also land the researcher in trouble, because the company may pursue legal action against you for publishing the information (and for the unauthorised testing that found it).

Responsible Disclosure
Responsible Disclosure is where the person who finds a vulnerability in a website reports it directly to the people who run that website, so they can fix the issue as early as possible, and only publishes details (if at all) once it is fixed. Many companies reward reporters in return, and a programme that formalises this reward is what we call a BUG BOUNTY.

Well, bug bounty is indeed a nice way to earn money. But more than the money, seeing your name on a company's HALL OF FAME or RESPONSIBLE DISCLOSURE page is priceless, because that is what gives your resume extra weight and makes you stand out from your peers.

Books to read before hunting bugs:
These are the books I generally recommend to anyone who wants to start with web application pen-testing, or with BUG BOUNTY in particular.

  • The Web Application Hacker's Handbook, Second Edition (considered the Bible of web application pen-testers)
  • Hacking: The Art of Exploitation
  • OWASP Testing Guide v3.0


BUG Hunter's TOOLKIT:
These are the basic tools that most bug hunters use and recommend.
Proxy:

  • Burp Suite
  • WebScarab
  • Fiddler
  • Paros Proxy

Mozilla Firefox is the best browser for hunting bugs, because of its excellent add-ons that ease the job.

Mozilla Firefox ADD-ONS:

  • Tamper Data
  • Web Developer Extensions
  • Live HTTP Headers
  • Firebug
  • XSS Me Sidebar
  • Hackbar
  • And many more...

Other Useful Tools:

  • IRONWASP
  • XENOTIX


Optional Tools:
Camtasia Screen Recorder and snipping tools (useful for creating proofs of concept).



List Of BUG BOUNTY Programs:
Here is a link that provides a big list of bug bounty programs and responsible disclosure pages. Read each program's scope and rules before you test anything; only the targets listed as in scope are covered by the program.
http://www.ehackingnews.com/2012/12/list-of-bug-bounty-program-for.html

Other ways to earn a BOUNTY:
Recently I came across a new startup called BugCrowd that manages organised bug bounties for various companies.

Just register yourself to start hunting bugs and earning money.
http://bugcrowd.com/?kid=NG66

It's a nice initiative indeed, a win-win situation for everyone: the company gets its site tested by the best hackers from across the globe, and the hackers get paid for finding and reporting bugs to them.

Anyway, I hope the above article gives enough info to start off with bug hunting. I wish ALL THE BEST to all the beginners who want to start bug hunting.
Always Remember:

“If you’re good at Something, then never do it for FREE…!!!”
Happy Hunting…;-D
