Programming Concept: Introduction

This post is an introduction to the Programming Concept article series, a label I dedicate to talking about computer programming in many languages.

If you are a bug bounty hunter or you are getting started in the field, you have probably asked whether programming skills are required to be a good hacker. Many people think that:

- Programming is not required: bug bounty hunting is mainly done through the black-box method, i.e. using Burp Proxy with a web browser to hack.

- Programming is difficult: you may have to learn a lot of maths and theoretical material in order to code properly. Additionally, there are hundreds of programming languages and you don't know which one to learn. Python? Ruby? Both? What about C/C++?

I am not an expert in programming and I am not from a developer field. I am just a noob who loves to learn about computer security, and here is what I think about the above points:

It is true that programming is not required for you to be a bug bounty hunter. However, I think that this is not my final career path. Knowing how to program brings you many advantages:

- Extend your career path: who knows, in the future you may create an interesting application or program for the world.

- Broaden your bug bounty attack surface: many bug bounty programs include open-source or source-code scope in their policy. You can do source-code analysis and find many interesting bugs, and at the same time you have an opportunity to learn how to create software (which could extend your career path).

- Create your own bug bounty tooling: believe me, most Top 100 hackers on the HackerOne Leaderboard have their own private tooling. When you hack on your own favourite programs, you become familiar with the application flows and logic, and you can code your own automated scripts and programs that save you recon time. (Note: do not ask them for the tools, since they are private.)

- Enhance your black-box testing: the more you learn about programming, the more you can guess or visualize how the web applications you are testing work in the background.

Now the question is: which one to learn? I have no correct answer for you. I personally use Python for my tooling just because it requires no compilation like C/C++. However, it should be mentioned that each programming language has its own use, and that is why I created the "Programming Concept" post series: rather than focusing on a specific programming language, why not just learn every concept of programming as it is implemented in various languages? By knowing the concept, you can jump into any programming language of your choice. And as I am just a beginner and not a programming language expert, the next blog posts will likely be updated periodically (please see the Disclaimer).
