• Projects 30
  • Rating 5.0
  • Rating 5 747

Budget: 25000 EUR Deadline: 7 days

In terms of format, I can conduct an audit of Telegram bots with a check of logic, API, integrations, and a final report on risks. For the basic stage, the estimate is 30,000 UAH and 5-7 working days, if we are talking about 1-2 bots without a large internal ecosystem.

My approach is to first create a map of scenarios and entry points, then check authorization, roles, webhooks, data storage, payments, or external services, if they exist. I also look at business logic separately - that's usually where the most expensive errors live, not just the classic OWASP Top 10 =)

From you, I need access to the test environment or permission for a black-box check, a description of user roles, a list of integrations, and an understanding of whether I can view the code. Am I correct in understanding that a report with risk prioritization and recommendations for developers is needed, not just a list of identified issues?

I will clarify 2 details before providing an exact estimate:
> how many Telegram bots there are and if they have an admin panel or personal account
> whether there are payments, CRM, external APIs, or sensitive personal data

Mobile app with admin
  • Projects -
  • Rating -
  • Rating 561

Budget: 100 EUR Deadline: 3 days

Alexey, I will help check the Telegram bot specifically as an attack surface: the logic of scenarios, API, authorization, and integrations. I look for not only obvious bugs but also typical OWASP/API security risks — from privilege escalation to leaks through webhooks and external services. I have 7 years of experience in web services and mobile products, so I quickly identify weak points and prepare a clear report with priorities and recommendations. I am ready to discuss the details of the test.

Advertising exchange in Telegram Vortex (Vue.js + Laravel)
  • Projects 7
  • Rating 5.0
  • Rating 1 620

Budget: 25 EUR Deadline: 2 days

Good day, Alexey!

I specialize in the security of Telegram bots and their APIs — I will conduct a pentest on the matter, without any fluff.

What I will check:
• Bot logic: authorization by chat_id/user_id, IDOR (access to others' data), bypassing scenarios and states, injections in commands and user input.
• API and webhooks: endpoint authentication, data leaks, lack of rate-limiting, request forgery, secrets in traffic.
• Integrations and third-party services: token security, error handling, leaks through logs and responses.
• Methodology: OWASP Top 10 and OWASP API Security Top 10.

  • Projects 20
  • Rating -
  • Rating 2 116

Budget: 40 EUR Deadline: 3 days

I understand the task: testing the security of Telegram bots, searching for vulnerabilities in logic, API, and integrations, and providing a report with risks and recommendations.

I will approach this from the perspective of someone who builds such bots, so I know where they usually leak: lack of verification that the update came specifically from Telegram and from the correct user, IDOR in callback_data and parameters (when someone can extract another person's data using their ID), trust in data from the update without validation, token and secret leaks in logs, injections in database queries, holes in admin commands, unprotected internal APIs that the bot accesses, and logic that can be bypassed by substituting a step in the dialogue.

Regarding the process: analyzing the attack surface of the bot and its integrations, checking against OWASP Top 10 and API security, running logic for bypass and abuse, then providing a report with risk prioritization and specific recommendations for fixes, rather than general statements.

Please let me know: how many bots there are and what they are written in, and whether they have their own backend and admin panel, or if all logic is within the bot itself? This will determine the depth of the integration checks.

  • Projects -
  • Rating -
  • Rating 137

Budget: 50 EUR Deadline: 2 days

Hello. I am ready to take on your order. I have experience in application security, API testing, and finding vulnerabilities in Telegram bots and web services. I have conducted checks on application logic, API integrations, authorization, user data processing, and looked for issues such as those listed in the OWASP Top 10.
For your project, I will conduct an audit of the Telegram bot: I will check for vulnerabilities in the logic, API, integrations with external services, possible bypasses of restrictions, access issues, data processing problems, etc.
After testing, I will prepare a clear report with identified risks, severity levels, and recommendations for remediation. I can even fix the issues myself.
I use tools like Burp Suite, Postman, OWASP ZAP, API analysis, and manual logic testing. I mainly test manually.
In terms of timing, approximately 2–4 days, depending on the size of the project and the number of integrations.
As for the cost, $50-80.

  • Projects -
  • Rating -
  • Rating 345

Budget: 150 EUR Deadline: 5 days

Good day.

I am a QA Engineer with practical experience in testing APIs, integrations, business logic, and authorization scenarios. I can assist with security testing of Telegram bots within the framework of black-box / functional security testing.

What I can check:

* the logic of the Telegram bot and the possibility of bypassing expected scenarios;
* authorization and access to features;
* API requests, integrations, and error handling;
* validation of input data;

  • Projects -
  • Rating -
  • Rating 306

Budget: 25 EUR Deadline: 1 day

Hello, Alexey!

I specialize in the security of Telegram bots and their APIs — I will conduct a pentest on the matter, without any fluff.

What I will check:
• Bot logic: authorization by chat_id/user_id, IDOR (access to others' data), bypassing scenarios and states, injections in commands and user input.
• API and webhooks: endpoint authentication, data leaks, lack of rate-limit, request forgery, secrets in traffic.
• Integrations and third-party services: token security, error handling, leaks through logs and responses.
• Methodology: OWASP Top 10 and OWASP API Security Top 10.

  • Projects -
  • Rating -
  • Rating 111

Budget: 25 EUR Deadline: 3 days

Hello!

I am interested in the task of testing the security of Telegram bots. I possess the necessary skill set to conduct a quality analysis and find vulnerabilities.

Why I am suitable for this task:

Deep understanding of architecture: I actively work with APIs and network protocols, which allows me to see vulnerabilities at the implementation level (logic, improper input handling, insecure APIs).

Technical background: I have experience in development with Python/Java/C++, which helps me quickly analyze the bot's source code and find hidden bugs in the logic that are not accessible during regular "black box" testing.

  • Projects -
  • Rating -
  • Rating 148

Budget: 30 EUR Deadline: 1 day

Good day, Alexey!

I see you have also posted a project on load testing — I am ready to take both on a turnkey basis, as they logically complement each other.

Regarding the pentest:

I will check for typical vulnerabilities in Telegram bots:

IDOR via chat_id / user_id — unauthorized access to others' data
Injection in user inputs (SQL, command injection)

  • Projects 24
  • Rating 5.0
  • Rating 2 006

Budget: 12345 EUR Deadline: 3 days

Hello. Does the bot use external APIs or third-party services for data processing?

I will clarify the details regarding deadlines and budget in personal correspondence.

Here’s how I will execute this project:
1. I will conduct a manual and automated analysis of the bot's logic and its commands.
2. I will test the API endpoints and integrations for data leaks and injections.
3. I will compile a report describing the identified risks, their criticality, and specific recommendations.

Thank you for considering my proposal. I look forward to the opportunity to collaborate with you!

  • Projects 11
  • Rating 5.0
  • Rating 1 773

Budget: 15000 EUR Deadline: 7 days

Good day! We have experience in conducting pentests for bots and integrations. We implement checks through API analysis, search for logical vulnerabilities, and assess risks according to OWASP. We will provide a detailed report with practical recommendations for addressing identified threats. We are ready to start the security audit of your project in the near future.

Proposals concealed

The list does not show proposals concealed by the client or freelancer with a Plus profile, as well as proposals violating rules

Current freelance projects in the category Testing & QA

7 July
7 July
7 July
2 July