Hey, it's EdOverflow!


Anyone who has chatted with me about security or bug bounty probably knows by now that I am a big advocate for having your personal blog where you can share your bug bounty write-ups. Since many have requested that I write about how to get started setting up a blog, here is a collection of some of the most common questions and how to go about writing blog posts.


What should I write about?

Often when getting started, it can be quite daunting trying to come up with a subject to cover. Although this is easier said than done, I suggest you start with a small topic that only covers a specific subject. In other words, avoid setting out to write about topics such as browser security at first — browser security is a massive topic. Instead, focus on small concepts such as a specific security flaw you encountered on a bug bounty program. Make sure to get the program's permission to write about the security flaw before publishing your write-up — some bug bounty programs prohibit publishing reports.


How do you keep track of potential blog ideas?

The way I approach this is by having a small list of random security topics that I have learnt about or would love to explore while bug bounty hunting. In doing so, I find it much easier to come back to potential blog ideas at a later date.

Sometimes I also include a small abstract and pictures of something that might be interesting to write about. Found a quirky XSS flaw? Grab a screenshot and keep it safe for later in case you decide to write about it.

What tools should I use to create my personal blog?

Once again, simplicity is king here. I recommend using Jekyll and GitHub Pages to get started. You do not want to spend hours coding up a personal blog — that time could be used for writing actual content for the blog. If you want to find a beautiful theme for your blog, there is Fork the theme of your choice on GitHub, and read up about GitHub Pages here:


Where can I share my blog posts?

Twitter is a reliable option if you are looking for somewhere to share your blog posts. You can use #bugbounty and other relevant hashtags to get your blog posts seen by the bug bounty community.


This was a short newsletter, but I hope it acts as a good starting point for readers to start their own security blog.

Support my work

If you enjoy reading my write-ups and would like to support my work, please check out my "Buy me a coffee" page. By supporting me, you allow me to continue sharing research and keep my blog ad-free. You can get more bug bounty tips and tricks at Thank you for your support. :)