Page 31 - Hands-On Bug Hunting for Penetration Testers
2
Choosing Your Hunting Ground
When you're deciding what bug bounty programs you'd like to participate in, it's nice to
have a baseline of information about your options: an offering company's report-submission
process, submission success rate, the attack surface of the sites in question, and
more. Luckily, that information is typically easy to find based on the type of company, its
size, the nature of its reward program (third-party marketplace or in-house), and its public
statements and documentation.
This chapter will cover how to evaluate marketplaces, programs, and companies and gauge
their promise as productive engagements. It will also cover how to zero in on the areas of
web applications where you're most likely to find bugs. At the end of it, you'll know what
programs to participate in, why, and how you can make the most of your target
application, all while ensuring you color within the lines of your agreed-upon rules of
engagement.
Technical Requirements
There are no software requirements associated with this section: you can explore all the
resources listed here with just a standard web browser. In our case, that's Chrome
( ).
An Overview of Bug Bounty Communities: Where to Start Your Search
There are many different choices for bug bounty programs to participate in, but most boil
down to two types: third-party marketplaces and company-sponsored programs.