Epic Bug Hunting Failures-2
2023-11-27 02:34:31 Author: infosecwriteups.com

Varshini Ramesh

InfoSec Write-ups

Hey! This is my second part of Epic Bug Hunting Failures. Part two of our series is locked and loaded here. If you missed the first act, catch up here: https://infosecwriteups.com/epic-bug-hunting-failures-7d95bb61cb12 .

After rectifying those mistakes, do you believe that, with some experience, we won’t make any more? Quite the opposite; we are likely to make plenty.

1. Getting too worked up about rewards, bonuses, and being in the spotlight used to be my thing. I used to copy exactly what others did to get those rewards, thinking it would work every time. But it doesn’t. Learning from others is cool, but the same tricks don’t always get you the same results everywhere.

I basically followed the report above to get a bounty, but unfortunately it didn’t happen.

2. Knowing only a few methodologies for a few low-impact bugs, like session hijacking, clickjacking, CORS, DDoS, etc.

3. Relying only on automated vulnerability scanning tools like Nuclei, Burp Suite and OWASP ZAP. Yes, you can run them, but depending on them will make our lives very tough.

4. Just checking out websites and hunting for simple bugs, especially on the user (client) side. Sure, the sites might have some issues, but when it comes to learning and making a real impact, the chances are pretty slim.

5. Too many duplicates and “not applicable” responses will demotivate us and make us stop hunting, while bigger, untouched areas remain.

OK people, I am coming to the end of this blog. These were the pretty big blunders I was making, and still make.

Rectifying all these:

  1. Try to find server-side vulnerabilities. I know it’s not easy. Learn system design to know the art of developing.
  2. Don’t work or hunt for bounties; hunt for learnings.
  3. Read lots of Medium blogs by others about how they have hunted, and take the learnings. Don’t follow the same steps.
  4. Work on the fundamentals before jumping into hunting (how a website is created, the workflow of an application).
  5. Don’t give up or get demotivated easily. Yes, it’s a tough journey, but it’s worth the wait.
  6. Vulnerabilities can be found easily in one way:

“Master the craft of creation, and the skill of destruction will become effortlessly attainable.” - VARSHINI RAMESH

Conclusion

Hey fellow bug hunters! Bug hunting isn’t always easy. It’s the unexpected stuff. I will be sharing more Bug Bloopers, exploring the world of bug hunting fails, one laugh at a time. Enjoy the surprises and learn from those bug hunting oops moments. Happy hunting!


Article source: https://infosecwriteups.com/epic-bug-hunting-failures-2-fafb2af9b844?source=rss----7b722bfd1b8d--bug_bounty