A somewhat curated list of links to various topics in application security.

Bug Bounty

Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018)

Bug Bounty Hunting Tips #4 — Develop a Process and Follow It

Samesite by Default and What It Means for Bug Bounty Hunters

@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties!



Bug Bounty Toolkit

The Hitchhiker’s Guide to Bug Bounty Hunting Throughout the Galaxy.

The need for note making and an organized methodology in Bug Bounty Hunting

Hunting Good Bugs with only <HTML>


Bug Hunting Journey of 2019

Bug Bounty Playbook

How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes



Understanding the full potential of sqlmap during bug bounty hunting

amass — Automated Attack Surface Mapping


Pro tips for bug bounty

The complete story of how I got started into bug bounties and how you could get started already



How a Scottish schoolboy who failed computing became one of the richest 'ethical hackers'

bountyplz – automated security reporting from markdown templates



Bounty Report Generator

File Upload XSS

Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks, Blogs)

Bug Hunting Methodology (part-1)

All Bug Bounty POC write ups by Security Researchers.

List of bug bounty writeups


Collaborate and work with other security researchers on bug bounties

The Bugs Are Out There, Hiding in Plain Sight

Bug Hunting Methodology from an Average Bug Hunter

Finding Hidden API Keys & How to use them



Cookie worth a fortune

Automated monitoring of subdomains for fun and profit

So you want to be a web security researcher?

What I have learn in my first month of Hacking and Bug Bounty?

Awesome Penetration Testing

Bug Hunting Methodology(Part-2)

Spokeo Bug bounty Experience

Bug Bounty Guide

Source code disclosure via exposed .git folder

DomLink — Automating domain discovery