The latest articles on DEV Community by Manju Varma M (@cypervoid). https://dev.to/cypervoid https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3357393%2F0296318d-aa1b-4cac-a388-3c7a8e0db37a.jpg https://dev.to/cypervoid en Manju Varma M Tue, 15 Jul 2025 15:56:30 +0000 https://dev.to/cypervoid/day-1-of-my-bug-bounty-journey-starting-from-zero-18jm https://dev.to/cypervoid/day-1-of-my-bug-bounty-journey-starting-from-zero-18jm <h2> 🧠 Why I’m Starting </h2> <p>I've decided to begin my bug bounty journey — not because I'm an expert, but because I want to learn the right way from zero.</p> <p>This blog is my daily log — what I learn, what I fail at, and what I figure out.</p> <h2> 📚 What I Learned Today – Day 1 </h2> <p>✅ What bug bounty is<br><br> ✅ HTTP requests and responses<br><br> ✅ Cookies, authorization headers, and login logic<br><br> ✅ Analyzed real web requests using DevTools</p> <h2> 🔍 One Concept That Stuck – IDOR </h2> <p>Changing a URL like <code>?id=101</code> to <code>?id=102</code> might expose other users' data if the app doesn't check permissions properly.</p> <h2> 💭 Reflections </h2> <p>I didn’t use any tools today — just focused on <strong>understanding the basics</strong>, which is a big win.</p> <p>Tomorrow, I’ll explore IDOR more deeply through labs and examples.</p> <p><em>If you're reading this and have tips or feedback, feel free to drop a comment</em> </p> bug bugbounty learning cybersecurity