WAHH → $ // bounty tracker

Web Application Hacker's Handbook × PortSwigger Academy — ordered by payout potential
Completed 0
Remaining 0
Labs total 0
Progress 0%
Learning Roadmap // background priority — behind machinist track + desk organizer
Phase 1 — Foundations (current)
WAHH chapters 1–5, 7 · Adaptive quiz per chapter · Install Burp Suite CE
Cost: $0
Phase 2 — Labs
PortSwigger Academy · Tier 2 money bugs first (SQLi, IDOR, SSRF, auth, XSS) · All Apprentice + Practitioner labs per topic
Cost: $0
Phase 3 — Practice Range
TryHackMe or HackTheBox · Beginner → intermediate paths · Start building recon scripts
Cost: ~$170/yr
Phase 4 — OSCP
PEN-200 course + labs + exam · Budget $249 retake · Pass within 2 attempts
Cost: ~$2,000
Phase 5 — Bounties
HackerOne / Bugcrowd · Wide-scope programs · First report = milestone, not first payout
Cost: $0
Total Investment
~$2,200 over 12–18 months · Phases 1–2 concurrent with bus driving + machinist work
Timeline: background priority, not primary track
Path: WAHH + PortSwigger (free) → TryHackMe/HTB ($14/mo) → OSCP (~$1,600) → HackerOne/Bugcrowd bounties
Links: PortSwigger Academy · All Labs · Learning Paths · HackerOne

Avg bounty: $1K–10K+ (high) $300–2K (med) $100–500 (low/support)