

Our experienced professionals have helped organizations to secure their assets, improving trustworthy
We are specialists in Web Applications security testing (e.g. websites, portals, applications, etc.) but with a well-established and solid partners network we can easily cover any scope. We aim to protect our clients assets, mitigating the impact of compromised systems and information leaking. We partner with our clients, sharing the responsibility to protect their assets.
Specialized Training for Front-end and back-end developers, DevSecOps, and Pentesters.
Read MoreFocused Training for API developers, DevSecOps, Pentesters, and systems integrators
Read MoreIndependent security auditing is the best way to identify weaknesses. We offer penetration testing services (one-time-only or persistent) with required support to mitigate any security risks.
Every organisation needs a strong information security posture. We provide the necessary tools and services in establishing a channel to reduce the risk of data losses.
The human factor is still considered to be the primary risk in security. Our trainings empower organizations with the best information to defend itself against ever-evolving threats.
Banking, insurance, credit card companies, credit unions, savings, investment companies, brokerage firms, etc.
Biotechnology companies, pharmaceutical companies, clinics, hospitals, healthcare products manufacturers/sellers, etc.
Hardware, software, data centers, platforms, infrastructure, systems integrator, etc.
Social Media, video games, publishing, telecom equipment, telecom services, wireless communication, etc.
"Integration Tomorrow" is a one-day conference that brings together industry leaders, experts, and professionals to discuss the latest trends and advancements in integration solutions. With technology rapidly evolving, integration plays a crucial role in enabling seamless data exchange and process...
Have you ever wondered what it feels like to own a Ferrari? We did. Not the car itself, but access to their database credentials.
Following Ferrari Responsible Disclosure Program1 Char49 discovered a vulnerability on the media.ferrari.com subdomain. The vulnerability affected a popular Wordpres...
TOPdesk Single Sign-on integration based on SAML (Security Assertion Markup Language) was vulnerable to XML Signature Wrapping (XSW) attacks, allowing bad actors with credentials to authenticate with the Identity Provider (IdP) to impersonate any TOPdesk user, tampering with the SAML Response.
The...
Char49 recently discovered a security misconfiguration on a subdomain of an American multinational corporation (Top50 on the Fortune500) website: an exposed Symfony web framework debug endpoint leaking sensitive information.
In a nutshell, exposing Symfony Profile or any other web framework debug...