The following resources will help you get started or improve your skills in web hacking / bug bounty.
Great resources to get you started
- If you're new to web security, it can be difficult to know where to begin. That is why PortSwigger created a suggested learning path to point you in the right direction. Learning Path - Web Security Academy
- The Intigriti Hackademy is a collection of free online learning resources in the field of web security. For every vulnerability category, you will find a detailed explanation with real-life examples, write-ups, bug bounty tips, ...
- Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
- PentesterLab - We make learning web hacking easier! Our exercises cover everything from basic bugs to advanced vulnerabilities. Not only will we help you learn but you'll also have fun doing it!
- List of bug bounty tips
Videos / channels
- intigriti Hackademy videos by PwnFunction
- You've got pwned: exploiting e-mail systems by @securinti
- Web Hacking 101: Hacking Pro Tips by Peter Yaworski
- Stök's channel
- InsiderPhd's channel
Books
- Real-World Bug Hunting: A Field Guide to Web hacking by Peter Yaworski
- The Web Application Hacker's Handbook 2nd edition by Dafydd Stuttard & Marcus Pinto
- Web Hacking 101 by Peter Yaworski