This is a problem i have been struggling to figure out the past 11 months in my hunt for my first bug. My problem is staying on point every time i hunt with the little time i have with family and so on. There are hundreds of bug bounty programs out there and i am part of 12 or so programs and when i am focused. I use tools and i go manually and i get frustrated and move on to the next target and find nothing.
I have been doing research and some out there say spend at minimum a week or as much as a whole month on a target. I am so confused what is the smarter way to spend on a certain target i am told that if you have not found anything you need to move on. So i move on and spend some time to hunt and i found nothing, and it makes me frustrated at my own capabilities and question my hacking.
It really depends and I don’t think there’s necessarily a hard and fast rule. If it’s a client engagement, there should be some kind of defined timeline or scope, so that takes care of that. But if you’re talking about open bug bounties, you’ll see some people stick to a handful of big targets and they focus on those exclusively. Others will only spend a little bit of time per target but go after more targets.
Personally, I tend to do better with targets that I’m personally interested in. Maybe it’s a product that I personally use or have used in the past, or that I know friends use. Since it’s more interesting, I might spend more time on that target even if I’m not finding anything at first.
There was one recently that I *really* wanted to find a security bug on because it’s a product that I use and have known about for a long time. I couldn’t find anything for 2 weeks. The third week, I popped a stored XSS. It could have been 4 more weeks before I found it, or I may have never found it at all. Not knowing is part of what makes this field challenging for sure.
Thank you for the help and insight yes the targets i am on are products i use on a daily basis since i started bug hunting in June 2020. I typically spend about one week on each target and see if i can see or find something rather than jumping around. That is basically what i am trying to do, but time is always my issue because like the old saying goes. The more you put in the more you get out in the long run.