Here is a short FAQ:
1. How do I get started in Ethical Hacking?
- Go read Web Hacking 101 by Peter Yaworski.
2. Is it legal?
- Yes, perfectly legal. Many companies participate in bug bounty platforms, where they invite hackers from around the world to test their public-facing websites and report the issues they find. It is only illegal if you extort, hack without consent or violate their terms and agreement. Read the terms and stay in scope, and you will be fine.
3. How much can I make?
- Depends on how good/skilled you are. Top hackers on HackerOne made USD 1 million in a few years. I know a very talented guy in Singapore who makes USD 10K per month doing it part time. But this is very rare. Most people will be lucky to get USD 100-500 per month if they are good.
4. Do I need to attend any course/training?
- No. Self-learn, read and practice. Don't waste your time on certifications.
5. Where do I get more info on ethical hacking for money?
- Google "bug bounties" and how to get started. Also see hacker101.com, pentesterlab.com, pentesteracademy.com, hackerone.com, bugcrowd.com, etc.
6. How soon can I start making $$$?
- It took me over 1 year to earn my first paid bounty, and I am a full-time cyber security advisor specializing in penetration testing. I only do bug bounty for extra cash, learning and for fun. So be warned, it is NOT easy. You are competing with thousands of talented hackers around the world. Bug bounties are basically crowdsourcing, the same concept as Uber, Grab, etc. There is nothing underground about hacking. Hollywood made up loads of sh** about hacking.
7. Do I need to be a skilled programmer/coder?
- It helps, but it is not necessary. You must know how to read and modify code in PHP, Bash, Perl and Python, and you must be competent in Linux & Windows.
8. Besides making extra $$, what are the other benefits of participating in BB?
- Supernatural powers and the ability to leap over buildings. With great power comes great responsibility; if you are a budding security enthusiast or a security pro, BB will help you truly understand how Web breaches happen. You will understand how hackers really operate and have the hands-on skill to prevent, mitigate and reproduce Web security breaches. Too many IT security pros in the market today only have theoretical knowledge of how a breach really happens, and only a handful of people dedicate their time and effort to learning the skills of the dark side.
Hit me up on Twitter if you have more questions: @r00tpgp