Nowadays, there are books specifically about bug bounty hunting, but bearing in mind this is a book about bug bounty hunting, I think it is not the first place to start to learn about bug bounty hunting. It is preferable to start learning the basics of formal security assessments and then move into the bug bounty hunting world.

Why? Well, the bug bounty hunter's scope is limited, and a hunter sometimes has a different approach from formal security assessment. It is important to remember that bug bounties cannot supply the normal security testing phases in a secure software development life cycle (SDLC). Bug bounties are another phase in the security model and have a different purpose altogether.

So, the books listed in this section are not bug bounty hunter books, but security assessment books.