Schedule

We will talk about automatic analysis of changes in the development source code to determine changed endpoints and operations to select the minimum number of tests to run for release. We will learn about AST, LSP, working with trees, changes within git diff, asynchronous operations.

Testing speech synthesis is not the same as testing an API. There are no fields in JSON, instead there is audio, which sounds a little different each time. You will learn how QA can build E2E tests for speech synthesis and what tools turn chaos into a system.

This talk focuses on Broken Access Control (BAC) originating from business logic vulnerabilities. Using examples from bug bounty programs and real-world projects, critical issues will be examined: default permissions, integration, auto-renewal, permission collisions, revoked permissions, sequence problems, and “overheating”. The goal is to develop “hacker's mindset” for identifying and preventing hidden logical attacks on access control.

Many mobile testing engineers limit themselves to mechanically clicking on the screen. But behind quality testing there is a clear system, and knowledge of this system distinguishes high-level specialists. Let's look at how the basic components of Android applications are directly related to testing and how understanding them helps find bugs that others miss.

How to implement RFC 9411 NGFW load testing using the open source Cisco TRex loader.

The talk is devoted to the concept of Env tests, their role in the architecture of operator development, the practical advantages of implementation, as well as internal use experience, including limitations and ways to work with them.

I'll show you real-world examples of API attacks that can lead to system compromise, data disclosure, and unwanted actions. I will analyze several different attack cases: direct and indirect implementation of prompta, role-playing, context change using contextual tokens.

I will tell and show what arsenal QA has in GameDev and will draw analogies from DOOM games to them.

Sometimes testing is just one button short—so let’s add it ourselves. I’ll show how to build a QA-focused browser extension: autofilling forms, sending HTTP requests, interacting with the DOM, running quick checks, and saving settings.

Why we need game engines at all and why we at Blackhub Games decided to create our own.

I will tell you about the development of test data generation: from manual work and static generation with a template engine to fully automated one through AI agents with dynamic adaptation to changing conditions.

Why is it important to test passive system behavior and what tools and methods to use for this.

The talk contains a guide to accessibility testing with TalkBack: how to enable, what and how the interface should sound, and how to avoid typical errors.

I'll talk about the new functionality of the explyt-test plugin for IntelliJ IDEA which allows you to capture real-world Java/Kotlin code executions and automatically generate full-fledged tests based on them.

A ready-made solution that allows you to objectively evaluate the performance of the frontend, both client and server. I will share my practical experience in building monitoring, which will replace subjective assessments and help identify problems before user complaints.

How we can (and should) leverage QA tools, artifacts, and processes to level up our Application Security.

I'll show you a real-world success story: how we built a completely automated tool for hunting IDOR vulnerabilities. I'll also share key insights on Dynamic Application Security Testing (DAST), specifically why understanding business logic and context is far more critical than the tools themselves.

AI is already actively changing the format of interviews: from generating tasks and evaluating candidates to attempting to replace interviewers. I will show real examples of AI agents, explain how job seekers themselves use AI (not always honestly), and provide practical tips on how to leverage these technologies for your benefit and avoid falling into traps.