Guiar en qué sentido. Primero has de descubrir el bug para tener algo que reportar. Las empresas conocidas tienen un programa de recompensa busca en Google si la empresa que estás evaluando aplica porque la inmensa mayoría de los bugs reportados acaban con palmadita en la espalda y sin recibir nada a cambio.

Libros:
-The Art of Software Security Assessment Identifying and Preventing Software Vulnerabilities.

-MySQL Cookbook Solutions for Database Developers and Administrators.

 https://leanpub.com/ltr101-breaking-into-infosec

-HandsOn Bug Hunting for Penetration Testers.

-Security for Web Developers Using javascript, HTML, and CSS.

-Haking Workshops Web Application Hacking Advanced SQL Injection and Data Store Attacks.

-Web for Pentester By Louis Nyffenegger.

-Java Platform, Security Developer's Guide.

-Cryptography and Network Security Principles and Practices.

-Introduction to Modern Cryptography.

-Anonymity, Hacking and Cloud Computing Forensic Challenges.

-Computer Hacking, Security Testing, Penetration Testing and Basic Security.

-Google Hacking for Penetration Testers.

-Gray Hat Hacking.

-Hacking The Art of Exploitation.

-Hacking The Art of Exploitation second edition.

-Mastering Kali Linux for Advanced Penetration Testing.

-Metasploit Penetration Testing Cookbook second edition.

-The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

-Penetration Testing a hands on introduction to hacking.

 Bug Bounty Hunting Essentials: Quick-paced Guide to Help White-hat Hackers Get Through Bug Bounty Programs

-The Shellcoders Handbook. second edition.

-Wireshark Network Analysis.

- https://leanpub.com/web-hacking-101

 https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents




Herramientas:

 http://netcat.sourceforge.net/

 https://www.wireshark.org/docs/

 https://fwhibbit.es/burp-suite-i-la-navaja-suiza-del-pentester

 https://www.metasploit.com/

 https://nmap.org/

 https://github.com/subfinder/subfinder

 http://blog.ironwasp.org/

 https://github.com/guelfoweb/knock

 https://github.com/OWASP/Amass

 https://github.com/aboul3la/Sublist3r

 https://github.com/michenriksen/aquatone

 https://github.com/techgaun/github-dorks

 https://github.com/techgaun/github-dorks/blob/master/github-dorks.txt

Links:
https://www.cvedetails.com

http://elladodelmal.blogspot.com/2009/03/serialized-sql-injection-parte-i-de-vi.html

https://www.attackflow.com/KnowledgeBase/

https://brutelogic.com.br/

 https://github.com/s0md3v/MyPapers/blob/master/Bypassing-XSS-detection-mechanisms/README.md

 https://www.pentestpartners.com/security-blog/lan-surfing-how-to-use-javascript-to-execute-arbitrary-code-on-routers/

 https://44con.com/44con-training/code-injections-from-beginner-to-advanced-for-defenders-and-attackers/

https://www.upguard.com/articles/top-20-owasp-vulnerabilities-and-how-to-fix-them?hs_amp=true

http://www.elladodelmal.com/2010/02/robotstxt-sitemapxml.html

 
https://portswigger.net/web-security/xxe

 https://www.netsparker.com/blog/web-security/crlf-http-header




Laboratorios, wargames y similares:
- https://xss-game.appspot.com

- https://xss-quiz.int21h.jp/

- warzone.elhacker.net

- hackthissite



Sitios para bug hunting:

 https://www.bugcrowd.com/

 https://www.hackerone.com/

 https://www.zerocopter.com/

 https://www.synack.com/

 https://cobalt.io/

 https://www.yeswehack.com/

 https://www.intigriti.com/

 https://www.vulnerability-lab.com/

Buscando la responsible disclosure policy de un sitio.



 https://bugbountyguide.com/hunters/proof-of-concepts.html

no de forma facil y sin arriestgarte a perderla en el proceso

por otro lado la ps4 como computadora es un hardware muy poco potente y eficiente