Gold Bug Bounty Resources in 2022 | Web Application, Android & iOS Security

Take your time and start learning from these Resources.

Whether you’re at Beginner’s Level or Intermediate Level or Pro, It’ll guide you as your master.

Pick one resource link from this article from time to time and start learning. There’s no compulsion that you should learn all in order. Take you time!

Learn Bug Bounty Online Free Through These Websites Link

Book of Bug Bounty Tips

IVAN Amazing Github Resources & Cheatsheets

HolyBugx Resources Collection

Bug Hunter Handbook

The Book Of Secret Knowledge

Awesome Hacking Resources

Penetration Testing Resources

nVisium Blog

OWASP Foundation

The Unofficial HackerOne Disclosure

Vulnerability Lab

Rafay Baloch

Bug Bounty POC

Hacking Blogs

Infosec Writeups Medium

Awesome Bug Bounty Resources

Frans Rosen Archives

Writeups IO

ngalongc Resources

Zero Sec

Jack Posts

The Most Insightful Stories of Bug Bounty

The Bug Hunter podcast

Pentester Writeups

CodeNinja Resources

Penstester Lab NewsLetter

Jason Haddix Github

Pentester Land

Open Bug Bounty

IT Security Guard

Awesome Bug Bounty Writeups

Red Web App Hacking


Udacity HTML & CSS Course

Udacity Javascript Course


Aman Hardikar

Researcher Resources

Bugcrowd Forum

Learn To Hack

Hack The Box



Learning Path By PortSwigger

Web Application Exploits and Defenses

Hack the Box


Class Central Bug Bounty

Become Bug Bounty Hunter

Nahamsec Resources


Bugcrowd Crowdstream

Bugcrowd University

Udemy Bug Bounty Courses


Root Me


Over The Wire: Wargames

Vulnerable By Design

Root Me News

Defend The Web



Medium Facebook Bug Writeups

Pentest Labs


The Bug Hunters Methodology


Web Security Blog

Icamtuf’s Blog

BugCrowd Blog

Hackerone Blog

HTML5 Cheatsheet

Brute XSS

XSS Polygot Challenge

MySQL SQL Injection Cheatsheet

AngularJS Sandbox Bypass Collection

Bug Bounty Hunting


Linux Tutorials

Youtube Smart Searches Links For Bug Bounty Learning


Penetration Testing Practice Labs | Bug Bounty Labs

-> Academy Hackaflag -BR

-> Try Hack Me

-> Attack-Defense

-> alert to win

-> CTF Komodo Security

-> CMD Challenge

-> Explotation Education

-> Google CTF

-> HackTheBox

-> Hackthis

-> Hacksplaining

-> Hacker101

-> Hacker Security

-> Hacking-Lab


-> ImmersiveLabs

-> Labs Wizard Security

-> NewbieContest

-> OverTheWire

-> Practical Pentest Labs

-> Pentestlab

-> Penetration Testing Practice Labs

-> PentestIT LAB

-> PicoCTF


-> Root-Me

-> Root in Jail

-> Shellter

-> SANS Challenger

-> SmashTheStack

-> Try Hack Me

-> The Cryptopals Crypto Challenges

-> Vulnhub

-> W3Challs

-> WeChall

-> Zenk-Security

Bug Bounty News Sources Links, To Get Updated

a. Twitter bug bounty tips

b.Twitter bugbountytip hashtag

c. Reddit

d. Twitter bugbounty hashtag

e. Reddit Bug Bounty Page

f. Reddit Netsec

g. Twitter Infosec

Bug Bounty Platform










Dept Resource


SQL Injection


Authorization Bypass

Circumvention of Platform’s Model

Cross Site Scripting


Research On This Mobile Security Topics Too

Install Java, both in windows and linux

Android debug bridge (adb) install and run

Android studio and sdk downloading install

Downloading, installing, and configuring genymotion

Downloading and installing the iOS SDK and Xcode

Setting up and configuring a jailbroken iPhone with repositories

Setting up android pentesting tools, such as apkanalyser, drozer, apktook, dex2jar, and jd-gui, androguard, jdb debugging

Setting up iOS pentesting tools, such as the following: oTool, keychain dumper, LLDB remote debugging, clutch, class-dump-z, and instrumentationi with frida and cycript, hopper, snoop-it

Youtube Videos Resources


Web Development Tutorials

Bug Bounty POC Disclosure


Bug Bounty

Bug Bounty Tips and Tricks

John Hammond Bug Bounty



Farah Hawa


GitLab RCE

Pwn Function

IppSec Bug Bounty


The Cyber Mentor


Wild West Hackin’ Fest

Talks on Bug Bounty

Talks on Web Hacking

Infosec Talks

JWT Hacking

JWT Bug Bounty

Bug Bounty Automation

Awk, Sed & Grep


Bash Scripting Automation

Developer Tools Bug Bounty

Developer Tool Hacking

Dev Tool Hacking

Dev Tools Bug Bounty

Developer Tool Hacking

Android IOS Hacking

Android Application Vulnerability Testing

IoS App Vulnerability Testing

Mobile App Vulnerability Testing

Mobile App Bug Bounty

Jason Haddix




Develop the habit of studying from documentation from official sites like Python, Javascript, OWASP, Linux, etc. It’ll give you depth knowledge on the particular domain topic.

  1. Python
  2. Javascript
  3. OWASP
  4. MDN Web Docs
  5. Kali Linux
  6. Linux Kernel
  7. Linux
  8. Portswigger
  9. GNU
  10. Exploit-DB
  11. OffSec
  12. Devhints
  13. Hackerone
  14. Bugcrowd
  15. Explore Windows

Books Topics To Study On For Web Application, Android and iOS Security | Bug Bounty Books | Penetration Testing Books

Books plays the crucial role on sharpening your knowledge on any field. It’s like someone who’ve decades years of experiences and they put it on one collection of sheets of paper. Imagine getting that experiences by reading such collection of sheets! It’s like decades of experiences in few days.

Search these keyword on google. You’d get a lot of book name lists. Then, download it from your desired source.

  1. Bug Bounty Books

For Example

Search like this and You’d get a lot of learning resources books. And then, download it from your desired book downloading sources.

  1. Python Hacking Books
  2. Javascript Hacking Books
  3. Linux Books
  4. Bash Books
  5. Vim Books
  6. Awk Books
  7. Penetration Testing Books
  8. Web Application Hacking Books
  9. Burp Suite Books
  10. iOS Hacking Books
  11. Android Hacking Books
  12. Hacker Philosophy Books
  13. Browser Hacking Books

Thank You.

Shubham Dhungana




Cyber Security Researcher | Bug Bounty Hunter

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Tabby — HTB Walkthrough

Splassive Team with Weekly Airdrops! Splash Token!!

Burp Suite Tips — Volume 1

A Unique Email Verification Bypass

Complete Guide on NIST Cybersecurity Framework

Nightlife and the Deep, Dark Web

Bounty Hunter HTB Solution

How Truly Decentralized EtherDelta Is?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Cyber Security Researcher | Bug Bounty Hunter

More from Medium

SSRFire - an automated SSRF finder

Bug Bounty — How to approach Vulnerabilities ( PART 1 )

First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration

[ Directory Traversal attack ] How did I find it using GitHub