u/Z3r0_DaY12

I have learnt basics for bug bounty like networking and web concepts.I want to get into actual bug bounty now.But there are too much information like there are different types of vulns like csrf, sqli, xss, etc. Should i learn all these before starting bug bounty?

How am i supposed to learn these like what should i learn when learning a bug.I do some stuff like changing the ids or username and get result in portswigger.How can i understand what is happening behind?.Most people on youtube understand when and where to do what stuff to get intended results. How do you get that level of thinking?

I want to get into bug bounty and cybersecurity but i have no idea what to learn. I see many roadmaps and try to follow it but all those roadmaps don't say how much to learn.

Most of them says learn html, js, sql, etc.

Learn networking and how web works and then do portswigger labs.

But how much am i supposed to learn. I know basic html, js, sql. Know some networking like how dns, tcp/ip works,Handshake, client-server model, etc.Is it enough or should i learn more before doing labs.Can you provide any resources.