This 3-hour workshop will guide participants through the practical differences between pentesting and bug bounties, and dive into modern techniques for finding unidentified bugs such as postMessage XSS, OAuth misconfigurations, Broken Access Control, Business Logic flaws and more. Attendees will also learn the essentials of CVSS scoring and the art of effective report writing. The session will close with an open Q&A to clarify concepts and share insights.