Securi-Tay 2026

Daniela Schoeffmann will be presenting: Build, Extend, Hack – Burp Suite Extension Survival Guide

Burp Suite is one of the most powerful tools for web application security testing, not just because of its native features but also for its extendibility.

This talk explores Burp Suite’s extensibility and shows you how to go beyond the defaults to create tools tailored to your workflow. We’ll start with the basics: what Burp Suite is and why it’s essential for security testing, we’ll dive into the two available APIs, Legacy and Montoya and understand their differences. Next, you’ll get more practical information on how to set up your development environment for Python (via Jython) and Java, exploring common extension components like custom vulnerability scan items, HTTP listeners, proxy hooks, context menus, custom tabs, and more. Along the way, I’ll share some tips and tricks from my own experience developing Burp extensions to help you get started.

By the end of this session, you’ll have the knowledge and resources to create Burp Suite extensions that automate tasks, integrate with other tools, and make your security testing smarter and faster.

Ken Munro will be presenting: Watt could possibly go wrong: security fails in connected eco tech 

As the shift to sustainable energy gathers pace, homes and businesses are adopting smart eco devices such as heat pumps, EV chargers, solar inverters, and power-storage batteries. These promise efficiency, automation, and environmental benefits. They also introduce new attack surfaces and often overlooked vulnerabilities. Insecure firmware, default credentials, poor network segmentation, and cloud misconfigurations are common issues. The risks are real and growing. 

 This talk explains how these devices can be exploited, what attackers are targeting, and why the convergence of energy and IT demands a fresh look at security. Drawing on real-world examples and penetration-testing insights, we will show how threat actors could manipulate energy flows, disrupt grid stability, or pivot into wider enterprise networks through eco-tech endpoints. 

Attendees will gain a practical view of the threat landscape, learn how to assess the security posture of smart energy systems, and take away actionable steps to reduce risk, whether you are a homeowner, installer, manufacturer, or security professional. The session bridges the gap between green-tech innovation and robust cyber resilience.