Char49 offers a wide range of information security services with total confidentiality and reliability.

Our experienced professionals have helped organizations to secure their assets, improving trustworthy

We are specialists in Web Applications security testing (e.g. websites, portals, applications, etc.) but with a well-established and solid partners network we can easily cover any scope. We aim to protect our clients assets, mitigating the impact of compromised systems and information leaking. We partner with our clients, sharing the responsibility to protect their assets.

Research featured on:


Independent security auditing is the best way to identify weaknesses. We offer penetration testing services (one-time-only or persistent) with required support to mitigate any security risks.


Every organisation needs a strong information security posture. We provide the necessary tools and services in establishing a channel to reduce the risk of data losses.


The human factor is still considered to be the primary risk in security. Our trainings empower organizations with the best information to defend itself against ever-evolving threats.


Char49 does real hands-on security

and not simply talk around security.

Learn about us

Recent articles

API4:2019 Lack of Resources and Rate Limiting

API clients' requests cost, at least bandwidth, computation cycles, memory, and storage, not only from the API back-end server but, in most cases several other systems, such as database servers. API requests compete for these resources to be fulfilled as quickly as possible but, improper resources m...

API3:2019 Excessive Data Exposure

Either looking forward to generic implementations or due to short time-to-market, developers tend to expose all object properties (e.g. JSON), relying on clients (e.g. web front-end or mobile application) to filter relevant data to render. Quite often such data exposes system internals or personally...

API2:2019 Broken User Authentication

In case you're not aware of our OWASP API Security Top 10 series, you can find the articles here. Most APIs, special those that support web front-ends or mobile applications, include several authentication-related endpoints. Based on our experience, quite often APIs fail to tackle brute force atta...