To be honest, it's important to learn some basic stuff before actually starting to hack things.
- Learn some basic web development programming (HTML, JavaScript and PHP)
- Learn some basic networking concepts (TCP/IP, DNS, CDNs, etc.)
- Learn how browsers work (SOP, CSP, etc.)
- Then start reading "Web Hacking Handbook" and "OWASP Testing Guide"
- Then join one of the hacking platforms (HackerOne or Bugcrowd)
I have created a roadmap to be followed if you are new to bug bounties. Have a look at it here: https://github.com/imran-parray/Bug-Bounty-Resources/blob/master/README.md
TIP: Always remember you need to learn basic things first, then move to actually hacking stuff.
Hope this helps, Your Mentor
Finish all of this and you will rock the stage https://github.com/imran-parray/Bug-Bounty-Resources/blob/master/README.md
Regarding books, I think you should start reading
- OWASP Testing Guide
- Web Hacking Handbook
- Web Hacking 101
Then read some reports on HackerOne and try to find the same bugs on other bounty programs as well.
Hope this helps, Your Mentor
If you know how to find bugs but you haven't found a lot of bugs yet, let me tell you something: "The master of all is the master of none". In my personal opinion, it is important to master at least one bug and have basic knowledge about all other bugs.
So master at least one bug and have moderate knowledge about other bugs.
Hope this helps, Your Mentor
To be honest, Kali is a nice OS, but it's not necessary to use Kali for hacking. I even found most of the tools that are preinstalled on Kali Linux useless. The most important tools for hacking web apps are "Browsers" and "Burpsuite". So I would suggest you start with any OS (Kali or non-Kali).
Hope this helps, Your Mentor
That's great. As you already have good knowledge of web development, it's going to be very beneficial for you while hacking web apps. All you have to do is start reading some of the bugs and try to replicate the same process on bug bounty targets.
I would recommend you start by reading the following books (you can follow any order)
- OWASP Testing Guide
- Web Hacking Handbook
- Web Hacking 101
TIP: Don't get stuck too much in the reading process. Keep reading new stuff and keep applying it at the same time.
Hope this helps, Your Mentor