hi guys, I’m a 32 years old guy, without any job or any payment, it’s been approximately 4 months that I’m trying hard to get my first bug in platforms like bug crowd - HackerOne, etc, where I learned a lot of bug bounty techniques related to XSS,cross-site request forgery, SQL injections, authentication bypass, burp suite, etc.
my learning process has always been, learning the technique from videos, practicing on free buggy websites such as Google Gruyere, OWASP Mutillidae II, (BWAPP), then finally trying the technique on bug bounty programs.
basically, I tried the techniques over and over on a lot of websites, but until now, I didn’t get anything, can someone please give me more advice to get at least my first bug? should I learn other things to complete my knowledge? should I change my learning process?
(N.B: without specifying the country where I’m living, it’s impossible to get a job over here, but I’m trying to get my first bug and some others, in order to get a job in bug bounty companies, that are looking for people like me, but with a little bit of experience )