0PricingLogin
Ethical Hacking Academy · Lesson

Choosing Targets

Scope and programs.

What Is Bug Bounty Hunting?

Bug bounty hunting is finding and responsibly reporting security vulnerabilities in systems whose owners invite testing, in exchange for recognition or money. It is legal, authorized hacking.

  • Programs define what is in scope and what is rewarded
  • Platforms like HackerOne, Bugcrowd, and Intigriti host them
  • Companies also run independent programs

Choosing the right target is the difference between earning bounties and wasting time.

Scope Is Everything

The scope defines exactly which assets you may test. Testing anything outside scope is unauthorized, ineffective, and can get you banned or prosecuted.

  • In scope — the domains, apps, and APIs you may attack
  • Out of scope — assets you must leave alone
  • Excluded vulns — issue types the program will not reward

Read the scope before doing anything else.

All lessons in this course

  1. Choosing Targets
  2. Recon at Scale
  3. Finding Common Bugs
  4. Writing Great Reports
← Back to Ethical Hacking Academy