Security News > 2021 > May > How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Staying on top of the latest web application security trends and new vulnerabilities, and knowing the basics there, and digging in and understanding and application and how its authorization works, and how the pieces of a large application tie together.
They know all the features, how they work, how they interact together and it's really in those areas where we see a lot of our great vulnerabilities being reported internally and externally.
A lot of it is going to come down to, yeah, you are going to need to know the information, how to use the programs, and learn how to do those through those certifications or other courses or your own schoolwork.
What makes a good researcher? How do you build up a reputation in the researcher community? And Katie talked a lot about corporate investment and opportunities, which I think does dovetails nicely into a lot of the questions we're getting.
Where does the bug bounty fit in? I think we have a lot of internal initiative developer awareness.
If you're looking to get into bug bounty, you're looking to get into discovering those zero days and the vulnerabilities, you're going to need to have the programming capabilities, and Katie and Greg can chat about it.