The Security Repo

Hacking WebMethods: Legacy Systems, Modern Threats – Ryan Bonner



In this episode of the Security Repo Podcast, Ryan Bonner dives into his exploration of the legacy enterprise integration platform WebMethods, revealing alarming vulnerabilities that allow unauthenticated access and even system shutdowns. He discusses how collaboration with Iceland’s top bug bounty hunter led him into this niche area of research, and shares practical advice for responsible disclosure and improving enterprise security hygiene. The conversation also touches on broader security culture, from overlooked credentials to the value of testing unconventional attack vectors.


https://github.com/Roll4Combat/IntegrationSurfer


https://www.linkedin.com/in/roll4combat/


Ryan 'Roll4Combat' Bonner is a penetration tester and educator who enjoys breaking things and sharing knowledge. By day, he's a Senior Cybersecurity Consultant, testing the defenses of web apps and corporate networks. By night, he dives into AI and bug bounty hunting.


A firm believer that we all get better by sharing, Ryan is a community speaker at events like BSides and DEF CON. He is committed to paying forward the mentorship that launched his career by helping others get their start in the community.


The Security Repo, by Mackenzie Jackson & Dwayne McDaniel