Bug Bounty Bootcamp
The Guide to Finding and Reporting Web Vulnerabilities
Vickie Li's pragmatic walk through the bug-bounty workflow, from picking a program and recon to reporting findings that actually pay out.
- Authors: Vickie Li
- Published: 2021
- Publisher: No Starch Press
- Pages: 416
- Language: English
Read this if
Readers who want a workflow-first introduction to bug bounty. Li covers recon, methodology, the bug classes that pay, automation, and reports, all in the order you'd actually do them.
Skip this if
Practitioners who already work in offensive security or who want depth on individual bug classes. The book is a wide first pass, not a deep specialization.
Key takeaways
- The recon chapter (subdomains, GitHub leaks, archived endpoints) alone justifies the book; most beginners skip recon and miss most of the bounties.
- The chapters on race conditions and business logic flaws cover bug classes that don't show up in older textbooks but pay regularly today.
- Li's writing on reports, triage interaction, and disclosure ethics is the calmest and most professional section in the bug-bounty book market.
Notes
Pair with Real-World Bug Hunting (Yaworski) for the case-studies side and with Hacking APIs (Ball) once you start seeing API-only programs. Li's blog at vickieli.dev is excellent and comes with the same temperament as the book. If we had to recommend one entry point to bug bounty in 2026, this is currently the one.
What to read before
Beginner · 2019
Real-World Bug Hunting
Peter Yaworski breaks down real disclosed reports across major bug bounty programs, organized by vulnerability class, so readers can pattern-match real findings rather than learn classes from textbook examples.
Beginner · 2014
Penetration Testing
Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.
Beginner · 2020
Web Security for Developers
Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.
What to read next
Beginner · 2019
Real-World Bug Hunting
Peter Yaworski breaks down real disclosed reports across major bug bounty programs, organized by vulnerability class, so readers can pattern-match real findings rather than learn classes from textbook examples.
Intermediate · 2023
Black Hat GraphQL
Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.
Intermediate · 2022
Hacking APIs
Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.