Dear friends, I am working in security industry since almost 10 years (mostly as consultant and presales positions for vendors). At the latest months I was getting extremely bored & I had some time on my hands.
I am planning to invest my time into bug bounty programs and web / application security testing. My question is: I feel like most of the low-hanging fruits are covered by automated tools like Burp Suite Pro, and for a beginner on this field it does not seem possible to have any meaningful outcome. I know that I think like this because I don't believe I can outsmart millions of USD's of security software investments from biggest vendors, and this is preventing me to continue.
How did you started, and how did it go? Does my feelings are right, or am I exaggerating? Assume that me, as a newcomer, and you, as a person who has automated vulnerability scanner, testing the same website, do I have a chance?