
Hacking WebMethods: Legacy Systems, Modern Threats – Ryan Bonner
From The Security Repo by Mackenzie Jackson & Dwayne McDaniel
January 21, 2026 · 18 min
About this episode
Ryan Bonner discusses vulnerabilities in WebMethods and shares insights on improving enterprise security.
In this episode of the Security Repo Podcast, Ryan Bonner dives into his exploration of legacy enterprise integration platform WebMethods, revealing alarming vulnerabilities that allow unauthenticated access and even system shutdowns. He discusses how collaboration with Iceland’s top bug bounty hunter led him into this niche area of research, and shares practical advice for responsible disclosure and improving enterprise security hygiene. The conversation also touches on broader security culture, from overlooked credentials to the value of testing unconventional attack vectors. https://github.com/Roll4Combat/IntegrationSurfer https://www.linkedin.com/in/roll4combat/ Ryan 'Roll4Combat' Bonner is a penetration tester and educator who enjoys breaking things and sharing knowledge. By day, he's a Senior Cybersecurity Consultant, testing the defenses of web apps and corporate networks. By night, he dives into AI and bug bounty hunting A firm believer that we all get better by sharing, Ryan is a community speaker at events like BSides and DEF CON. He is committed to paying forward the mentorship that launched his career by helping others get their start in the community.
People in this episode
Hosts: Mackenzie Jackson, Dwayne McDaniel
Guest: Ryan Bonner
Topics covered
- legacy systems
- vulnerabilities
- enterprise security
- bug bounty hunting
- responsible disclosure
- security culture
Keywords
- WebMethods
- vulnerabilities
- unauthenticated access
- system shutdowns
- bug bounty
- penetration testing
- security hygiene
- attack vectors
Mentioned in this episode
Organizations: WebMethods, Iceland’s top bug bounty hunter, BSides, DEF CON
More episodes of The Security Repo
- AI, Automation, & Humans' Role In Security: A View From Rsac 2026 With Jeff Man and Dwayne McDaniel · April 1, 2026 · 43 min
- Avoiding Operational Chaos While Defending A Credit Union With Data Classification - John Wallace · March 25, 2026 · 20 min
- OIDC And IAP In Production: Scaling Startup Security For Deepfake Defense - Talia Smiley · March 18, 2026 · 20 min
- The PCI Ultimatum -Thrift Store OSINT, and "Lost Media" with Dwayne Edwards and Mike Radigan · March 17, 2026 · 22 min
- From Annual Checkbox To Continuous SDLC Testing: Operationalizing AI Pentests - Andy Dennis of XBow · March 13, 2026 · 20 min
- Why Compliance Isn’t Governance & How GovOps Rebuilds Trust Boundaries – Mike Schwartz · March 11, 2026 · 38 min
Explore listener stats, chart rankings, contacts and more on the The Security Repo podcast page.