For those new to the world of ethical hacking known as “bug bounties”, here are the five easiest bugs to start looking for that will help you earn your first points or monetary rewards; some platforms even offer guarantees for first-time findings.
Called information disclosure or sensitive data exposure, it happens when developers leave sensitive information lying around such as API keys, access tokens, passwords, and internal IP addresses, which can be easily accessed through the source code in HTML or JavaScript files, or in folders like .git, .env, or .bak.
Basically, it is the easiest to find because all it takes is a right-click and a view of the source code to spot these important credentials that should never be exposed and could lead to full system takes.
Doing this in responsible and ethical ways can earn a beginner bug bounty hunter some accolades and rewards.