I’ve been doing some training boxes where the source code is generally available, thus it is easier to understand and spot the vulnerability. However, I wanted to understand the mindset of Black Box testing since I tend to jump to looking at the source code after like ten minutes :/
What do I expect?
What kind of information does the tester rely on?
Do we just push buttons and find something anomalous?
Do I need to have a lot of experience with developing web applications to make educated guesses? O_O (I’m still ready to put in that extra effort)
I’m asking because this is a very beneficial skill for Bug Bounty Hunters and I aspire to be one someday. Any tips or resources will be appreciated 👍🏻