Thousands of organizations (including General Motors, GitHub, Lufthansa, Nintendo, Spotify and Starbucks) are partnering with the global white hat community. Over the past year, 1,000 client programs have been hosted on the HackerOne platform, and the winners have received $23 million in awards. Nine hackers have earned more than $1 million in total. The average total payout for a certified ethical hacker is $82,000 per year. Individual bug hunters on Bug Bounty platforms earn up to $50,000 per month.
Capture the Flag (CTF). Participants in CTF competitions are looking for a "flag" that serves as evidence of a system breach. Capture the flag competitions are a great way to learn how to hack cyber systems. Usually, the CTF has a limited time limit and only registered teams participate in capturing the flag. But there are also plenty of always-online CTFs where you can hone your cyberhacking skills on your own and without time limits. It's haighly recommended to have one of the best laptops for hacking to be properly equipped.
CTF for web exploitation. Pentesterlab is a great resource to start learning web penetration testing. The Hacker101 CTF provides a list of tasks aimed at developing web hacking skills. By solving them, you can get acquainted with most of the vulnerabilities of bug bounty programs – rewards for found bugs.
Reverse engineering. You can practice reverse engineering on the Crackme website, which has a lot of programs that you can try to crack.
Mixed CTFs. OverTheWire is a site for newbies in IT, where training starts with the basics of the command line and basic programming skills. The following offers a wide range of tasks to choose from: web security, binaries, reverse engineering.
Live CTFs. If you'd like to participate in a live CTF or Attack and Defense style CTF, visit CTFtime.org for a list of current and upcoming events.
Bug Bounty Platforms. Bug Bounty is a reward paid to developers who discover critical flaws in software. The reward is money, company equipment, or simply a place in the Hall of Fame.
The search for vulnerabilities can be conducted on the basis of a company or on a specialized platform. One of the most famous is Hackerone.