Watching videos on Hackinghub in the resources section
How to Pick a Target
- Recommend VDPs for first-timers
  - These are unpaid and are a good place to start. The reason is low competition, so they are easier to hack on.
  - IBM is a good one
  - This helps with building a methodology
  - Look at the top three BB places and do VDPs
- Pick newer ones since they might have more vulns
  - Response time
  - Pay rate
CVSS (Common Vulnerability Scoring System)
- CVSS Calculator
- You use this to set the severity of your bounty
- Since it's subjective, you might go back and forth, so use CVSS as part of your argument
- AV:N (Attack Vector: Network): use this for web application bug bounties
- Bugcrowd's Vuln Rating
- stuff
This day was kinda lackluster in the learning department. None of this seemed like stuff to take notes on, and I will probably have to revisit it once I get to actually doing VDPs.