How best can i become an Ethical Hacker, what steps, lessons and attitude should i have?

bug bounty hunters try and find bugs, but in ways that comply with a companies bug bounty guidelines. its about finding an exploitation, and showing the steps it can be done in a report to the company. if you're lucky, you may get a hefty sum of money from them! however there have been cases where a bug hunter went too far, planting their own stuff, where its gotten the companies angry. and for those companies without bug bounty programs, you may even find a paradoxical outcome of "thanks for finding the bug, but we're going to sue you!". that happens because not all companies are aware of bugbounties, and assume you're a blackhat. these cases are usually bad pr for the companies, so it's not something you can't do. learn sql, sql injections, javascript. there are programs bug bounty hunters use but I forget. these are usually for sites but it can be for programs and apps too.

It's not all fun and games; it's real, serious work, clients will interfere with you (or try to get you to omit something they'd rather you didn't report) and you need to like research. A couple things to emphasize: 1. Errors and Omissions Insurance (I'd be surprised if it isn't required). When you understand why you need it, you'll understand a little more about the dangers of this profession. 2. Larger companies (that may be... friendly ...towards you) often have lots of customers under their umbrella. Example: In the US DoD bug bounty guidelines, they're clear on what you may test (get used to this) -- and they'll inform you that as long as you follow all the rules, they promise not to sue you -- but make zero guarantees what their customers will do. See point 1. I'm not trying to discourage you, as there are legitimate certification paths + safe practice zones, I'm just pointing to the label that reads: this is not a toy.

In my opinion, there is no such thing as an ethical hacker, just because of how the media and society picture anyone that deconstructs or breaks into any system as BAD. My advice would be to look up malicious practices online learn from them and use them for the better good of online users. One thing I would recommend is trying the hacks on your own hardware and learning from your own mistakes; you don't want to hack someone to help and fail, even if you're an ethical hacker with your white hat on people will view you as a criminal. According to the media you're either a mindless and loyal Software developer that works for a corporation or a malicious hacker living in your mums basement.

Try those "Hacking tutorials" on youtube. And also you should have a VPN.