How I got my first private invitation to a bug bounty program
by Najam Ul Saqib
Bug bounty platforms are rapidly gaining popularity among ethical hackers and
penetration testers. They provide crowdsourced solutions to different
companies: hackers look for security loopholes in the websites and, in turn,
get paid for a valid submission.
But as such platforms gain popularity, more and more people are finding
security bugs in public programs, leaving fewer vulnerabilities to be found.
Private invitations are a better choice in this scenario. As the word
"private" suggests, not everyone is allowed to hack on a private program the
way they can on public ones. Only selected hackers are invited to private
programs, based on their skill set and achievements.
Hence, I got invited to one of the private programs. It is pretty confusing
for newbies to know how they can be invited to a private program, but
don't worry, I'll make it clear and concise for you.
HackerOne is a famous and probably number one bug bounty platform, with some
hackers making over $1 million in bounties through this platform. This
platform offers an interesting way for you to learn hacking and make
your way to your first private invitation.
Hacker101 is a project of HackerOne in which they post videos and lectures
related to hacking. They also have some CTFs for hackers to get hands-on
experience. The interesting thing about the CTFs is that they carry points:
once you complete some CTFs and reach a total of 26 points, you get invited to
a private program. This cycle goes on: to get your next private program, you
have to get 26 more points in CTFs again.
You may have noticed that I have been posting walkthroughs of CTFs from
Hacker101. That's exactly what I was doing: trying to hone my skills and
smooth my path towards the private invitation. I completed 26 points
successfully and got a private invitation instantly.
Quite obviously, these are PRIVATE programs, meaning that you are not allowed
even to discuss their names in public, let alone their security bugs. If you
do so, you are breaking the law and committing a crime.
The CTFs I solved included many different vulnerabilities like XSS (Stored
& Reflected), SQLi, IDOR, Privilege Escalation, etc., so it's good
practice as well to go through these CTFs.
I hope it is now pretty clear how you can also get a private
invitation. If not, ask me in the comments.