Char49 offers a wide range of information security services with total confidentiality and reliability.

Our experienced professionals have helped organizations to secure their assets, improving trustworthy

We are specialists in Web Applications security testing (e.g. websites, portals, applications, etc.) but with a well-established and solid partners network we can easily cover any scope. We aim to protect our clients assets, mitigating the impact of compromised systems and information leaking. We partner with our clients, sharing the responsibility to protect their assets.

Recent Talks

APISecure 2022

  • Title: Evolution of the OWASP API Security Top 10
  • Speakers: Paulo Silva

APISecure 2022

  • Title: Hacking APIs 101 with MindAPI
  • Speakers: David Sopas

RSA Conference 2021

  • Title: MindAPI - Bringing Organization to API Security Testing
  • Speakers: David Sopas

Research featured on:


Independent security auditing is the best way to identify weaknesses. We offer penetration testing services (one-time-only or persistent) with required support to mitigate any security risks.


Every organisation needs a strong information security posture. We provide the necessary tools and services in establishing a channel to reduce the risk of data losses.


The human factor is still considered to be the primary risk in security. Our trainings empower organizations with the best information to defend itself against ever-evolving threats.


Char49 does real hands-on security

and not simply talk around security.

Learn about us

Recent articles

Exciting October

Last October we attended several events of the infosec community, either in the organization or as speakers, which was a great honor and a real pleasure for the whole team.

We were in San Jose, California at API World, the world's largest API conference with 4000+ attendees from 30+ countries an...

BSidesLisbon is back!

On the 10th and 11th of November, the Auditorium of the Faculty of Dental Medicine, University of Lisbon (FMD-UL) receives BSidesLisbon, the premier technical information security conference in Portugal. Already in its 6th edition, it's a community organized, not for profit, conference started i...

The SpaceDoodles NFT Scam

There are a lot of NFT scams all over the web but caught our attention.

This 6 days old domain hosts a web page with the name and picture of Gary Vee, a popular Business Angel, and Steve Aoki, the popular DJ. We’re pretty sure that the scammers used both their images to trick...