Char49 offers a wide range of information security services with total confidentiality and reliability.

Our experienced professionals have helped organizations to secure their assets, improving trustworthy

We are specialists in Web Applications security testing (e.g. websites, portals, applications, etc.) but with a well-established and solid partners network we can easily cover any scope. We aim to protect our clients assets, mitigating the impact of compromised systems and information leaking. We partner with our clients, sharing the responsibility to protect their assets.

Training

Recent Talks

APISecure 2022

  • Title: Evolution of the OWASP API Security Top 10
  • Speakers: Paulo Silva

APISecure 2022

  • Title: Hacking APIs 101 with MindAPI
  • Speakers: David Sopas

RSA Conference 2021

  • Title: MindAPI - Bringing Organization to API Security Testing
  • Speakers: David Sopas

Research featured on:

Auditing

Independent security auditing is the best way to identify weaknesses. We offer penetration testing services (one-time-only or persistent) with required support to mitigate any security risks.

Consulting

Every organisation needs a strong information security posture. We provide the necessary tools and services in establishing a channel to reduce the risk of data losses.

Training

The human factor is still considered to be the primary risk in security. Our trainings empower organizations with the best information to defend itself against ever-evolving threats.

Clients

Char49 does real hands-on security

and not simply talk around security.

Learn about us

Recent articles

Guardians of the Gateway: Unveiling API Security Secrets

In today's digital landscape, Application Programming Interfaces (APIs) serve as the connective tissue that enables seamless data and service exchanges between applications and businesses. However, with this great power comes great responsibility, as API security has become a critical concern. To ad...

Subdomain Takeover in a (charmy) Box

This is not the first time we write about subdomain takeover and probably it won’t be the last. Every time we find a subdomain takeover we ask ourselves “How big is this (assets management) problem?”. This time we decided to answer our own question but we got caught in the rabbit hole where we met...

BSIDES Lisbon 2023

In the rapidly evolving landscape of information security, some conferences stand out as pivotal hubs for knowledge exchange, collaboration, and networking. One such beacon in Portugal is BSidesLisbon, the premier technical information security conference. Now in its 8th edition, this community-or...