-
We are committed
to protect our clients. We are partners.Learn about us -
We can help improving
security and trustworthy.View our services
Char49 offers a wide range of information security services with total confidentiality and reliability.
Our experienced professionals have helped organizations to secure their assets, improving trustworthy
We are specialists in Web Applications security testing (e.g. websites, portals, applications, etc.) but with a well-established and solid partners network we can easily cover any scope. We aim to protect our clients assets, mitigating the impact of compromised systems and information leaking. We partner with our clients, sharing the responsibility to protect their assets.
Training
Web Application Secure Coding
Specialized Training for Front-end and back-end developers, DevSecOps, and Pentesters.
Read More
APIs Secure Coding
Focused Training for API developers, DevSecOps, Pentesters, and systems integrators
Read MoreRecent Talks
Research featured on:
Auditing
Independent security auditing is the best way to identify weaknesses. We offer penetration testing services (one-time-only or persistent) with required support to mitigate any security risks.
Consulting
Every organisation needs a strong information security posture. We provide the necessary tools and services in establishing a channel to reduce the risk of data losses.
Training
The human factor is still considered to be the primary risk in security. Our trainings empower organizations with the best information to defend itself against ever-evolving threats.
Clients
Financial Services
Banking, insurance, credit card companies, credit unions, savings, investment companies, brokerage firms, etc.
Healthcare
Biotechnology companies, pharmaceutical companies, clinics, hospitals, healthcare products manufacturers/sellers, etc.
Information Technology
Hardware, software, data centers, platforms, infrastructure, systems integrator, etc.
Media & Telecommunications
Social Media, video games, publishing, telecom equipment, telecom services, wireless communication, etc.
Recent articles
18
May
Char49 at "Integration Tomorrow": The importance of cybersecurity in the context of integration
"Integration Tomorrow" is a one-day conference that brings together industry leaders, experts, and professionals to discuss the latest trends and advancements in integration solutions. With technology rapidly evolving, integration plays a crucial role in enabling seamless data exchange and process...
12
May
We don’t have a Ferrari, but we had their database credentials
Have you ever wondered what it feels like to own a Ferrari? We did. Not the car itself, but access to their database credentials.
Following Ferrari Responsible Disclosure Program1 Char49 discovered a vulnerability on the media.ferrari.com subdomain. The vulnerability affected a popular Wordpres...
12
Apr
TOPdesk vulnerable to XML Signature Wrapping Attacks
TOPdesk Single Sign-on integration based on SAML (Security Assertion Markup Language) was vulnerable to XML Signature Wrapping (XSW) attacks, allowing bad actors with credentials to authenticate with the Identity Provider (IdP) to impersonate any TOPdesk user, tampering with the SAML Response.
The...
04
Apr
Misconfiguration in a bottle: Symfony Profiler exposed
Char49 recently discovered a security misconfiguration on a subdomain of an American multinational corporation (Top50 on the Fortune500) website: an exposed Symfony web framework debug endpoint leaking sensitive information.
In a nutshell, exposing Symfony Profile or any other web framework debug...