Hey, it's EdOverflow!
Anyone who has chatted with me about security or bug bounty probably knows by now that I am a big advocate for having your personal blog where you can share your bug bounty write-ups. Since many have requested that I write about how to get started setting up a blog, here is a collection of some of the most common questions and how to go about writing blog posts.
What should I write about?
Often when getting started, it can be quite daunting trying to come up with a subject to cover. Although this is easier said than done, I suggest you start with a small topic that only covers a specific subject. In other words, avoid setting out to write about topics such as browser security at first — browser security is a massive topic. Instead, focus on small concepts such as a specific security flaw you encountered on a bug bounty program. Make sure to get the program's permission to write about the security flaw before publishing your write-up — some bug bounty programs prohibit publishing reports.
How do you keep track of potential blog ideas?
The way I approach this is by having a small list of random security topics that I have learnt about or would love to explore while bug bounty hunting. In doing so, I find it much easier to come back to potential blog ideas at a later date.
Sometimes I also include a small abstract and pictures of something that might be interesting to write about. Found a quirky XSS flaw? Grab a screenshot and keep it safe for later in case you decide to write about it.
What tools should I use to create my personal blog?
Once again, simplicity is king here. I recommend using Jekyll and GitHub Pages to get started. You do not want to spend hours coding up a personal blog — that time could be used for writing actual content for the blog. If you want to find a beautiful theme for your blog, there is http://jekyllthemes.org/. Fork the theme of your choice on GitHub, and read up about GitHub Pages here: https://pages.github.com/.
Where can I share my blog posts?
Twitter is a reliable option if you are looking for somewhere to share your blog posts. You can use #bugbounty and other relevant hashtags to get your blog posts seen by the bug bounty community.
This was a short newsletter, but I hope it acts as a good starting point for readers to start their own security blog.