Budget: 25000 EUR Deadline: 7 days
In terms of format, I can conduct an audit of Telegram bots with a check of logic, API, integrations, and a final report on risks. For the basic stage, the estimate is 30,000 UAH and 5-7 working days, if we are talking about 1-2 bots without a large internal ecosystem.
My approach is to first create a map of scenarios and entry points, then check authorization, roles, webhooks, data storage, payments, or external services, if they exist. I also look at business logic separately - that's usually where the most expensive errors live, not just the classic OWASP Top 10 =)
From you, I need access to the test environment or permission for a black-box check, a description of user roles, a list of integrations, and an understanding of whether I can view the code. Am I correct in understanding that a report with risk prioritization and recommendations for developers is needed, not just a list of identified issues?
I will clarify 2 details before providing an exact estimate:
> how many Telegram bots there are and if they have an admin panel or personal account
> whether there are payments, CRM, external APIs, or sensitive personal data
Similar engineering cases from Ingello:
> https://business.ingello.com/vorfahr - automation, agents, and integration logic, closely related in terms of risks of scenarios and external APIs
> https://business.ingello.com/platforma - corporate platform with roles, processes, and complex access logic
Ingello profile for the marketplace:
> https://systems-fl.ingello.com