Char49 offers a wide range of information security services with total confidentiality and reliability.

Our experienced professionals have helped organizations to secure their assets, improving trustworthy

We are specialists in Web Applications security testing (e.g. websites, portals, applications, etc.) but with a well-established and solid partners network we can easily cover any scope. We aim to protect our clients assets, mitigating the impact of compromised systems and information leaking. We partner with our clients, sharing the responsibility to protect their assets.


Recent Talks

Research featured on:


Independent security auditing is the best way to identify weaknesses. We offer penetration testing services (one-time-only or persistent) with required support to mitigate any security risks.


Every organisation needs a strong information security posture. We provide the necessary tools and services in establishing a channel to reduce the risk of data losses.


The human factor is still considered to be the primary risk in security. Our trainings empower organizations with the best information to defend itself against ever-evolving threats.


Char49 does real hands-on security

and not simply talk around security.

Learn about us

Recent articles

Vulnerability on

Our Security Ninja Miguel Regala found a vulnerability on It's a common problem of data exposure, without PII leak, but rarely found in production environment. Google security team gave a quick answer and in a very transparent process the bug was fixed in a short period of time. Mi...

Stored XSS in

Our team leader found a stored XSS in When submiting a new ad, it was possible to add a XSS payload on data[person]. The ad got approved without reflection on the output of this field, it was sanitized. Afterwards when we try to edit the ad, the payload was launched, so the input wasn't sani...

We got Adobe XSSed

When our security team leader started his path on HackerOne he started with Adobe bug bounty program. David already was present on their Security Acknowledgements list (2013) but he wanted to get a big company on his HackerOne profile so after a while he found a Reflected XSS (CWE-79) on their we...