LEGIT Make Money Hacking Apps and Websites… Legally! Here’s How


Rookie Wordsmith
May 16, 2018
Make Money Hacking Apps and Websites Legally! Here’s How.jpg

Have you ever seen the code of a website or app? As and English major, code is a thing of beauty. I think a well-written program is just as beautiful and eloquent as a piece of classic literature.

But while books have editors, I’ve always wondered, who is tasked with testing out a system’s code? The amount of code behind an app or program is staggering. For example, Facebook has 61 million lines of code. As if that number wasn’t high enough, Google runs on 2 billion (yes, billion) lines of code.

That’s a lot of information (which is a gross understatement) to analyze. It turns out companies regularly hire developers - and sometimes even regular people - to spot various problems within a system. These problems include anything from simply bugs to potentially disastrous system vulnerabilities.

I’m sure companies like Google and Facebook have in-house teams for this purpose. But there are a lot of third-party companies that assist other companies or provide “bounties” (cash payouts) whenever a person spots a problem with a site.

If you’ve got some computer and programming skills, I’ll be listing the companies you can use to earn. But first, let’s discuss ethical hacking.

What is “Ethical” Hacking?

Ethical, or white-hat, hacking is the opposite of the common perception of hackers. Hackers are usually seen as trouble-making digital deviants. Their activities are usually just mischievous, but can also have serious repercussions on business and even national security.

Ethical hackers try to improve computer systems, not take them down. They use their hacking knowledge to spot vulnerabilities, then work with the owners or admins to improve the security of those systems.

On the lower end of the tech scale, this activity can also include spotting bugs or faulty programming within the system. It’s no less important, though. Since websites and programs (like Facebook and Google, which I mentioned earlier) have so many lines of code, they need ethical hackers to scour through their systems and find problems that need fixing.

And with that out of the way, here are some companies that let you earn by spotting bugs and other problems!


Website: https://cobalt.io

Cobalt is a newcomer to the scene, but they’re pretty legit. They’ve got some pretty big clients from the tech world, including Weebly, Optimizely, LendInvest, Auctionata, and Nexmo.

Whenever you spot a bug for the websites they work with, you can earn a bounty ranging anywhere from $100 to $1,000! Payment is sent via PayPal or Bitcoin, within 30 days of the time you reported the bug.

You can also level-up your participation and be a security researcher. The job is a bit more involved, and to get hired you will have to pass an intensive screening and testing process.



HackerOne is one of the largest sites in the industry. They count a number of Fortune 500 and Forbes Global 1,000 companies as clients. Being a giant in the industry leads to large payouts, too. They’ve since distributed a total of over $10 million in bug bounties to members of their hacking community.

As big as the company is, you don’t have to be a “leet” hacker… or even a hacker at all, to work for them. They have a pretty kickass community that enables noobs looking to participate in the digital security industry.


Website: https://www.synack.com

Synack is a pretty big deal. The founders of the company are former NSA operatives, which gives the company an impeccable security pedigree. Synack has handled some pretty major clients, including the Department of Defense and the Internal Revenue Service

Synack considers itself the “First Hacker-Powered Vulnerability Management Platform.” I’m not sure if that’s accurate, but I’m not about to argue with a bunch of former NSA agents!

To work for them, you’ll have to pass an online application. When accepted, you can become part of The Synack Red Team (SRT).

They have a pretty robust payment system and fast processing. Payouts for bugs are usually sent out within a day. So far, the largest amount paid was $24,000! They also have perks for their top-performing members.


Website: https://bugcrowd.com

Bugcrowd is an OG in the industry, and has since amassed a user base of over 22,000 hackers. They’ve paid over $1 million in bounty over the years, and have worked with some of the most familiar companies in the world, including:
  • Western Union
  • MasterCard
  • Spotify
  • Microsoft
  • Tumblr
  • Pinterest
  • Fitbit
They’ve got a pretty awesome bounty program. Bounty is sent out the Wednesday after you made your report, and is sent through PayPal or Payoneer.

The Verdict: Legit or Scam?

All these companies are legit! They’re not just legit, they’re elite. The each play a significant role in maintaining the security of the computer systems that the world relies on.

Your Turn

Now it’s your turn to share! Have you worked as a white-hat hacker? What were your experiences like?

Let’s hear your stories!


Bronze Wordsmith
Apr 16, 2018
Great list, sadly I do not have any skills that could help me make money towards this. But I know that Microsoft, Google with Chrome and Mozilla with Firefox all have bug hunter programs as well. So if one got the skills those would also be worth checking out.


Rookie Wordsmith
Jun 13, 2018
Yeah, this is pretty specialized stuff. But man, would it be awesome if I had the skills to participate in that sort of thing.


Rookie Wordsmith
Jun 14, 2018
My technical skills are very basic but this is a great way of earning for anyone who does have this kind of skill. It's worth knowing that there are good hackers who can help out as well as the deviant hackers which we all tend to think of when the word is mentioned.


Rookie Wordsmith
Jun 6, 2018
These are the kind of sites I have been looking for. I tried explaining this to people but that said its risky. I think I'll try the first one but I'll PM for some things I still don't understand well.