I've really been interested in the idea of making money hacking without a degree. If you think this is not possible, or you would consider doing this yourself one day, read below to find out.
For most of us it is hard to get a degree in cybersecurity, whether because of time constraints, a lack of patience, or mental or physical disabilities. Fortunately, there is no need for a degree in cybersecurity.
Many companies, big and small, offer programs called bug bounties, and anyone can join them. Some of these programs offer up to $15000 for each vulnerability found! This may sound like easy money, but it is not: it is extremely difficult and takes lots of practice and patience, but it is also very rewarding.
Bug bounties follow very strict rules. You are not under any circumstances allowed to tamper with their website or damage it. Some websites do not even allow automatic scanners such as Nessus or Arachni, and if you don't read the program's rules you can end up getting banned from the website. Before you even attempt to join a bug bounty program, please learn about website hacking, because bug bounties need great skill in it. If you want to get paid to find security flaws in networks, then you will need to do a cybersecurity degree. For bug bounties you don't; a degree can help, but it is not necessary.
Here are some links to bug bounty programs.
What Do I Do When I Find a Vulnerability?
When you find a vulnerability in one of the websites listed, you will need to write a very clear and precise report on what you have found, how to reproduce it, and a possible fix.
How To Test Websites?
If you have permission to scan websites for vulnerabilities, use website vulnerability scanners like Nessus, Arachni or OpenVAS. There are many more to choose from if you are using a penetration testing distribution.
What Vulnerabilities Pay The Most?
If you think you have found a critical vulnerability, have tested it successfully, and it is one of these:
- Stored XSS (Cross Site Scripting)
- Classic SQLI
- Blind SQLI
- OS Command Injection
- PHP Injection
You could get quite a bit of money if they approve it because these are the types of vulnerabilities that are most critical and dangerous.
How To Get Paid?
In order to get paid for a bug bounty, you first need to find a vulnerability, report it, and get it approved. Once you have done all this, they will pay you through PayPal. When you join the bug bounty you need to set up a PayPal account, and that is where your earnings go.
You do need to realize this is perfectly safe and no one will try and take your money away.
What Tools Are Good To Use?
Here is a list of tools that are very useful for exploiting a website for fun and profit.
- SQLMap ( Exploits SQL Injection )
- SQLNinja ( Exploits SQL Injection )
- Xsser ( Exploits Cross Site Scripting )
- Nessus ( Vulnerability Scanner )
- Arachni ( Vulnerability Scanner )
- OpenVAS ( Vulnerability Scanner )
- Burp Suite ( Vulnerability Scanner, Interceptor, Packet Manipulator, Attacker, etc. )
- Nikto ( Vulnerability Scanner )
- DotDotPwn ( Directory Traversal )
- Or the manual way of testing