The mission of Academy’s Bug Bounty Hunter job-role path that leads to HTB CBBH (HTB Certified Bug Bounty Hunter) is to teach you, guide you and prepare you for the final exam. Any beginner can start practising on the related modules and build their knowledge on web attacks.

More experienced professionals can also benefit from both the Bug Bounty Hunter job-role path and the CBBH exam, as they can help them learn new tricks related to web attacks and gain additional hands-on experience.

The main focus of this certification is to be realistic, so anyone can automatically apply what they learn in their field, regardless of it being penetration testing, defending websites or bug hunting.

There are some prerequisites around web application/web request fundamentals and basic penetration testing, but the Bug Bounty Hunter job-role path is designed to provide a guided learning experience to deliver the notions required to successfully take the exam and be a certified bug bounty hunter!

A certification is not a mandatory prerequisite to become a Bug Bounty Hunter or practice any other cybersecurity role, but a great asset if you are looking to learn new skills in a structured way and prove your knowledge to potential employers. Here is our take:

• IT Security certifications do not define an individual, but they verify their skills for a specific job role.
• A well structured and highly practical training program that results in a certification can greatly flatten the steep learning curve related to cybersecurity topics/domains and also provide you with hands-on experience.
• A certification from a credible cybersecurity certification vendor could be used to prove to a potential employer that both your skills and professionalism have been successfully put to the test.
• A certification can be an incentive to remain on track and focussed during your studying.

Hack The Box is a trusted, highly respected, and community-backed IT security training vendor, with a long history in the domain. The training standards of the company are set quite high and this applies to all offerings, machines, challenges, Pro Labs, and now, the certifications.

Through the years, Hack The Box has been a training partner of major organisations, government/military agencies, and academic institutions worldwide. We plan to continue being a trusted training partner, and also provide certification services from now on, while retaining the same level of content-excellence, quality, and integrity.

To prepare effectively for the CBBH program, consider the following recommendations:

Access to HTB Academy’s content is vital for your participation in this course. A discount voucher will be provided to you upon registration via e-mail, which you can use to activate your subscription to HTB Academy.

The following modules are specifically chosen to provide a strong foundational understanding and skill set, which are critical for your success in the seminar and future endeavors in penetration testing:
1. Introduction to Academy: This module provides an overview of the Academy platform and guides on how to effectively utilize it for self-training, setting the foundation for your learning journey.
2. Linux Fundamentals: Essential for cybersecurity, this module offers in-depth training in Linux, covering its structure, shell usage, and system administration, complete with practical exercises and an assessment to solidify your understanding.
3. Learning Process: Focusing on the learning journey, this module covers aspects such as mindset, efficiency, organization, and coping with frustration, crucial for excelling in the information security field.

HTB Certified Bug Bounty Hunter (HTB CBBH) is a certification tailored for individuals aiming to validate their technical expertise in bug bounty hunting and web application penetration testing. Prerequisites for successful certification include:

• Interpretation of a letter of engagement.
• Intermediate knowledge in penetration testing of web applications, web services, and APIs.
• Experience in both static and dynamic analysis of web applications and web services.
• Skills in identifying, analyzing, and exploiting various classes of web vulnerabilities.
• Effective communication and professional reporting of vulnerabilities.

Yes, you can access all Tier 0 modules of the Bug Bounty Hunter job-role path completely free of charge. This means that you can start the path for free, and once you get going and feel like the rest of the path suits your learning objectives, you can choose any of the available pricing options.

If you are a student, you are also eligible for a great discount. Please refer to the “Pricing” tab to discover all available pricing options.

No, all individuals who desire to obtain HTB CBBH must complete the entire Bug Bounty Hunter job-role path, which consists of 20 modules. Each module comes with its own hands-on exercises and skills assessment (at the end) that you must complete to prove your understanding of the presented topics, before going for the exam.

Find below the facts that differentiate HTB Certified Bug Bounty Hunter (HTB CBBH) from standard certifications:

• Continuous Evaluation – To be eligible to start the examination process, one must have completed all modules of the “Bug Bounty Hunter” job-role path 100% first. Each module in the path comes with its own hands-on skills assessment at the end that students must complete to prove their understanding of the presented topics. The answers to the skills assessment exercises are not provided. Evaluation takes place throughout the journey, not only during the examination!
• Hands-on & Real-world Exam Environment – HTB Certified Bug Bounty Hunter (HTB CBBH) candidates will be required to perform actual bug hunting activities against multiple real-world applications. HTB certifications are not based on and do not include multiple-choice questions!
• Outside-the-box Thinking & Vulnerability Chaining –HTB Certified Bug Bounty Hunter (HTB CBBH) candidates will be required to think outside the box and chain multiple vulnerabilities to achieve the exam’s objectives. Like in real-world engagements, creativity, and in-depth knowledge will be necessary for a successful outcome.
• Commercial-grade Report Requirement – Successfully completing all bug bounty hunting activities is not enough to obtain the HTB Certified Bug Bounty Hunter (HTB CBBH) certification. Candidates will also be required to compose a commercial-grade report as part of their evaluation. HTB Certified Bug Bounty Hunter candidates will have to prove they are market-ready and client-centric professionals.
• Seamless Experience Powered By Pwnbox – The entire exam and certification process can be conducted through the candidates’ browser, from start to finish. All bug bounty hunting activities can be performed via the provided and in-browser Pwnbox. There are no infrastructural or tool requirements.

HTB certifications are on Credly! By the time you successfully complete the HTB CBBH exam and claim your certificate, CBBH’s digital badge will arrive on your email. Accept it and share it on your social media, so that third parties can verify your obtained skills!

• The Bug Bounty Hunter job-role path and the associated certification (HTB Certified Bug Bounty Hunter) were designed to help you learn, practice, and master web attacks. Both the path and the certification are not oriented only towards bug bounty hunters though. If you are a penetration tester or just a curious individual with a thirst for web hacking, this is the certification to go for! The name is only to represent the huge range of knowledge covered by this initiative.
• Both the Bug Bounty Hunter job-role path and HTB CBBH are oriented towards juniors. A junior-level individual may not be able to secure a web app penetration job in the market from day one, but they could start gaining experience and solidifying their knowledge by participating in bug bounty programs.
• Bug bounty hunters are known for being extremely effective and efficient web penetration testers, who know how to think out of the box and showcase the maximum impact of a vulnerability. A company could benefit from hiring a (certified) bug bounty hunter to continuously assess its web assets.