Hacking WebMethods: Legacy Systems, Modern Threats – Ryan Bonner

Hacking WebMethods: Legacy Systems, Modern Threats – Ryan Bonner

From The Security Repo by Mackenzie Jackson & Dwayne McDaniel

January 21, 2026 · 18 min

About this episode

Ryan Bonner discusses vulnerabilities in WebMethods and shares insights on improving enterprise security.

In this episode of the Security Repo Podcast, Ryan Bonner dives into his exploration of legacy enterprise integration platform WebMethods, revealing alarming vulnerabilities that allow unauthenticated access and even system shutdowns. He discusses how collaboration with Iceland’s top bug bounty hunter led him into this niche area of research, and shares practical advice for responsible disclosure and improving enterprise security hygiene. The conversation also touches on broader security culture, from overlooked credentials to the value of testing unconventional attack vectors. https://github.com/Roll4Combat/IntegrationSurfer https://www.linkedin.com/in/roll4combat/ Ryan 'Roll4Combat' Bonner is a penetration tester and educator who enjoys breaking things and sharing knowledge. By day, he's a Senior Cybersecurity Consultant, testing the defenses of web apps and corporate networks. By night, he dives into AI and bug bounty hunting A firm believer that we all get better by sharing, Ryan is a community speaker at events like BSides and DEF CON. He is committed to paying forward the mentorship that launched his career by helping others get their start in the community.

People in this episode

Hosts: Mackenzie Jackson, Dwayne McDaniel

Guest: Ryan Bonner

Topics covered

  • legacy systems
  • vulnerabilities
  • enterprise security
  • bug bounty hunting
  • responsible disclosure
  • security culture

Keywords

  • WebMethods
  • vulnerabilities
  • unauthenticated access
  • system shutdowns
  • bug bounty
  • penetration testing
  • security hygiene
  • attack vectors

Mentioned in this episode

Organizations: WebMethods, Iceland’s top bug bounty hunter, BSides, DEF CON

More episodes of The Security Repo

Explore listener stats, chart rankings, contacts and more on the The Security Repo podcast page.