The Beginners Guide of Bug Bounty Programs in Nepal

Bugs have long been a source of annoyance for people. Even in the digital age, they can be found in mobile applications, websites, and internet platfo
The Beginners Guide of Bug Bounty Programs in Nepal

Overview of Bug Bounty

Bugs have long been a source of annoyance for people. Even in the digital age, they can be found in mobile applications, websites, and internet platforms. Even if you're just browsing Instagram, Facebook, and Twitter more. 

You've almost certainly come across one of these "bugs" at some point. Those who are interested in the internet and digital marketing, many individuals, however, are unaware that reporting true issues to developers could result in a prize!

You can earn money by examining apps and websites and reporting any faults or vulnerabilities to the developers through a bug bounty program. Various Nepali teenagers under the age of 25 have received these bounties from a variety of companies, and they have received global recognition. 

What is Bug Bounty?

A bug bounty, also known as a vulnerability rewards program (VRP), is a contract given by different websites, companies, and software companies in which users can gain recognition and cash for identifying defects, particularly safety weaknesses and defects.

These applications enable developers to detect and address issues before the broader public becomes aware of them, therefore avoiding massive exploitation. A huge number of firms, including Mozilla, Facebook, Google, Microsoft, and the Web bug bounty, have launched bug reward programs.

How to Find Bug in any Website?

You can easily create web and mobile applications and host them online after learning programming languages and how websites work. It's time to learn how to find bugs in any popular social media website and how to report bugs to company developers.  

Here we Discuss 12 Basics tips that definitely help to start your bug bounty journey. You must be used Kali Linux to find bugs in any website or application.

1. Cross-browser analysis

Cross Browser Testing is a kind of non-functional test that allows you to verify if your website functions the way you want it to be when accessed: operating system combinations, such as on common browsers such as Firefox, Chrome, Edge, and Safari on one of Windows, MacOS or Android.

Cross-browser testing helps to identify compatibility bugs that are browser-specific so that you can debug them fast. It helps make sure that a big section of your target audience is not separated because your webpage does not run on your browsing Operating.

2. Find out more about the OWASP project.

OWASP (Open Web Application Security Project) is a non-profit organization dedicated to enhancing software security. OWASP is based on an "open community" approach, which allows anybody to engage in and contribute to projects, events, online conversations, and other activities.

Top 10 Web Application Vulnerability Risks

  • Exposed Sensitive Data XML External Entities
  • Authentication Error
  • Access Control Is Not Working
  • XSS (Cross-Site Scripting)
  • Deserialization that is not secure
  • Inadequate logging and monitoring
  • Using Components with Vulnerabilities That Are Well-Known
  • Misconfiguration of Security

3. Learn Basics Tools and language 

Familiarize yourself with the relevant technologies. If you like to uncover vulnerabilities in websites, make sure you are well-versed in both client-side (HTML, CSS, Javascript, Jquery, etc.) and server-side (PHP, MySQL, Python, etc.) technologies.

4. Website User Authentication Test

User authentication confirms a user's validity when they attempt to get access to a network or computing service by permitting a human-to-machine transfer of credentials during network interactions.

Security testing is critical whether your website deals with online shopping, banking, or any other activity where customer data must be kept private.

  • Make sure the account is locked out if the wrong password or user ID is entered many times.
  • Ensure that automated login is prohibited by employing mechanisms such as OTP verification or CAPTCHA throughout the login process.
  • Examine cookie and cache encryption.
  • When the user logs out, check that the browsing session has expired by pressing the back button.

5. Application Performance Testing

Performance testing is a software testing method for evaluating a software application's speed, reaction time, stability, dependability, scalability, and resource utilization under a specific workload. 

The basic goal of performance testing is to find and remove performance bottlenecks in software applications. It is also known as "Perf Testing" and is a subset of performance engineering.

Your online application must be able to endure the load, in addition to usability and security. When internet traffic suddenly increases, it is common for websites to fail.

Conduct load testing to see how the site responds to increased traffic. Simulate numerous user login sessions and run concurrency testing to see if the site is functioning appropriately.

How to Start Bug Bounty?

Even if you're new to bug bounty, you should begin with this step because I'll answer all of your questions, including the basics of bug bounty, the best tools, and languages for bug bounty, and the top 10 web applications bug threats. This will help you to researcher personally web application problems.

  • Start with the basics of Programming Language such as Python, Javascript, PHP, MySQL, and More.
  • Learn Networking like HTTPS, HTTP, IP, SSH, FTP.
  • Deploying website online live.
  • Learn Owasp Top 10 web application Risks
  • Use Kali Linux Operating system
  • Learn and build your Linux command lines.


Best Tools and Language for Bug Bounty

Programming language is the most important way to learn how any website or mobile application works and its functions. There are many popular programming languages You can use to start bug bounty such as Python, Javascript, PHP, SQL, etc. 


1. HTML and CSS

HTML and CSS are the basics of any web development. HTML stands for Hypertext markup language, and CSS stands for Cascading style sheet. This language helps to make web structure and design. 

2. JavaScript

JavaScript is a client-side and server-side text-based language that helps you to develop dynamic web pages. Whereas HTML and CSS provide structure and aesthetics to web pages, JavaScript adds interactive components that keep users engaged.

3. Python or PHP

Python is a multi-purpose programming language that can be used for a variety of purposes. Python is used in website development, artificial intelligence (AI), machine learning (ML), operating systems, mobile application development, and computer game creation.

PHP "Hypertext Preprocessor" is a recursive word for "PHP: Hypertext Preprocessor." PHP is an HTML-enabled server-side programming language. It's used to manage dynamic content, databases, track sessions, and even create full social media sites.

4. SQL & Mango DB

MySQL is a SQL (Structured Query Language)-based relational database management system. Data warehousing, e-commerce, and logging applications are just a few of the uses for the application. However, the most popular application of MySQL is as a web database.


Popular Blogger Templates


Because of its versatility and ease of use, MongoDB is popular among new engineers. Even while it's simple to use, it has all the features necessary to handle the complicated requirements of modern applications.

5. Linux command line

The Linux command line is a text-based computing interface. Allows the user to access commands into the terminal directly or to execute commands that have been coded in "Shell Scripts" quickly.

6. HTTP, HTTPS, FTP, SSH & IP

Hypertext Transfer Protocol (HTTP) is a hypermedia application layer protocol, for example, HTML. The communication between web browsers and web servers was designed.

IP is a set of rules for the format of data sent by the Internet or local networks, which means the Internet Protocol.


Other Popular Articles



Endurance testing is used to determine how well a website performs when it is subjected to a high volume of traffic.
Examine the application's loading time when there is a lack of network coverage.

Trends of Bug bounty in Nepal

The bug bounty program is a way to gain money by researching websites and applications and reporting to developers any detected errors or vulnerabilities.

Many Nepalese young people under 25 are known at national and international levels and have received these rewards from various firms. Two years ago his first bounty of $2,000, obtained by Saugat Pokharel from Kathmandu, presently studying physics at the Amrit Science Campus, was received by Facebook. 

Saugat Pokharel

Saugat Pokharel, a 22-year-old physics student at the Amrit Science Campus in Kathmandu, won his first $2,000 award from Facebook two years ago. While chatting from his Facebook page "Students of Nepal," he spotted a glitch.

The Beginners Guide of Bug Bounty Programs in Nepal


Many youths start their bug hunting journey by exploring and finding the bug in popular sites and mobile applications. 

Now, We are going through step by step about what is bug bounty, how to start bug bounty in Nepal, are trends and scope of bug bounty in Nepal as the best source of earnings.

Binit Ghimire

Now Binit Ghimire has tools to improve his hunting skills and basic coding capabilities. "Different firms compensated me, maybe 16-17 times," he said. Up to the date of birth and e-mail address of the disclosed user, Pokharel received the greatest incentive of $13,000 from Instagram to endanger their privacy.

The Beginners Guide of Bug Bounty Programs in Nepal

In November 2018 Binit Ghimire, 20, a Chitwan-based second-year bachelor's degree in computer engineering, earned his first $750 Facebook grant just after 3-4 months of bug research. More than 70 firms and enterprises have now praised Ghimire for their support in bug hunting for securing their digital assets and systems

Shah Sudip

The Beginners Guide of Bug Bounty Programs in Nepal

The first legitime bug report,  Sudip Shah, 18, Pokhara 12, who started lockdown hunting in 2020, was awarded a $500 reward. He had found that Facebook page managers may view their identity and submit it to the Facebook Safety Centre. He adds that "I sent 50 Facebook and 30-40 Facebook complaints to various reward bug programs earlier." 

Shah was enthusiastic about his initial award and was looking for safety deficiencies at various locations. In August 2020 he even entered the Hall of Fame on Facebook (with Facebook lists and appreciation for the responsible divulgation).


Top 5 Bug bounty Sites 2021

The following is a selected list of respected companies' Bounty Programs. You use this website to find the bug and weakness security problems.

Facebook

Facebook has run a rewards program in which external experts help us enhance the user privacy of our products and services by reporting potential security holes. November 19, 2020

Limitation: 

Very few security issues should be considered off-limits by the social networking site.

Minimum Payout:

For a fully reported bug, Facebook will pay a minimum of $500.

Maximum Payout:

Facebook has not set a maximum bound for the Payout.

Bounty Link:

https://wwww.facebook.com/whitehat/


Intel Bug Bounty

According to the company, building partnerships with security researchers and encouraging security research are important parts of Intel's Security-First Pledge. 

Intel invites security researchers to collaborate with us to mitigate and coordinate the disclosure of potential security flaws.

Limitation: 

Previous acquisitions, the company's web infrastructure, third-party products, and anything related to McAfee is all excluded.

Minimum Payout:

For detecting issues in Intel's technology, Intel pays a minimal level of $500.

Maximum Payout:

The maximum payment for identifying the critical bugs is $30,000.

Bounty Link:

https://securitycenter.intel.com/BugBountyProgram.aspx


Apple 

As Apple officially established its bug reward program, just 24 security researchers were allowed to participate. After that, the platform was developed to accommodate more bug bounty hunters.

Minimum Payout:

Apple Inc. has not set a limitation on the amount of money that can be spent.

Maximum Payout:

Apple's highest generous payout is $200,000 for security vulnerabilities in its system.

Bounty Link:

https://support.apple.com/en-au/HT201220


Amazon

Act quickly to avoid a cybersecurity compromise with a cost-effective and time-saving solution. With the combined testing power of hundreds of ethical hackers from all around the world. 

You can easily use our bug bounty testing platform to boost your cybersecurity posture. Stay ahead of the game to be ready for any attack!

Minimum Payout:

The reward was divided into four categories by Amazon. The most minimal or low sum that Amazon will pay to those who are found a bug in the system is $100.

Maximum Payout:

Apple's highest generous payout is $200,000 for security vulnerabilities in its system.

Bounty Link:

https://aws.amazon.com/marketplace/pp/prodview-joes5hm2bgmie


Microsoft

If you are a security researcher who has discovered a Microsoft product, service, or device vulnerability, we want to hear from you. If your vulnerability report affects a product or service covered by one of our bounty programs listed below, you may be eligible for a bounty reward as described in the program specifications.


Graphic Design Articles


There are many bug bounty projects that Microsoft start to found a bug in the system. There is no limitation or minimum price that Microsoft gives reward to bug founder.

You can view all the details about pricing and project in the Microsoft system. Microsoft bug bounty projects are separated by technology area, although they both have the same high ranking requirements:

Bounty Link:

https://www.microsoft.com/en-us/msrc/bounty


Conclusion: 

 If You are want to learn about complete practical bug bounty and how to find bugs. Check out the udemy courses. Here are some useful articles to learn about bug bounty.


-- FAQ about Bug Bounty

In this section, we will discuss some frequently asked questions. where any buy bounty hacker should learn to better improve their skills.

1. What is Bug Bounty?

A bug bounty (VRP) is a contract made between several websites, corporations, and Software businesses where the username and cash can uncover vulnerabilities, especially security holes and flaws, and is also recognized as a vulnerability-reward-program (VRP).

2.  Best Linux tools For Bug Bounty?

  • Vulnerability-Lab
  • Google Dorks
  • DNS-Discovery
  • Reverse IP Lookup
  • Wapiti
  • Burp Suite

3. Which Operating system Use in Bug Bounty?

  • Kali Linux.
  • BackBox.
  • Parrot Security operating system.
  • DEFT Linux.
  • Samurai Web Testing Framework.
  • Network Security Toolkit.

4. What is Linux so appealing to hackers?

For hackers, Linux is a very popular operating system. There are two primary causes for this. To begin with, because Linux is an open-source operating system, its source code is publicly available. Linux hacking tools are used by malicious actors to exploit flaws in Linux applications, software, and networks.