State of Testing 2025 by Heisenbug Program Committee
Sharing TechRadar results.
Julia Atlygina
Tempo
Andrey Dmitriev
JUG Ru Group
The time in the program is for your time zone .
The program hasn’t been finally approved yet, so there still might be some changes.
Sharing TechRadar results.
Tempo
JUG Ru Group
We will talk about automatic analysis of changes in the development source code to determine changed endpoints and operations to select the minimum number of tests to run for release. We will learn about AST, LSP, working with trees, changes within git diff, asynchronous operations.
Ozon Bank
Let's look at bugs of mobile web and PWA and where they come from. I'll show you the tools for testing web and PWA on real devices.
Selectel
This talk focuses on Broken Access Control (BAC) originating from business logic vulnerabilities. Using examples from bug bounty programs and real-world projects, critical issues will be examined: default permissions, integration, auto-renewal, permission collisions, revoked permissions, sequence problems, and “overheating”. The goal is to develop “hacker's mindset” for identifying and preventing hidden logical attacks on access control.
ATI.SU
Why we need game engines at all and why we at Blackhub Games decided to create our own.
Blackhub Games
Blackhub Games
Many mobile testing engineers limit themselves to mechanically clicking on the screen. But behind quality testing there is a clear system, and knowledge of this system distinguishes high-level specialists. Let's look at how the basic components of Android applications are directly related to testing and how understanding them helps find bugs that others miss.
How to implement RFC 9411 NGFW load testing using the open source Cisco TRex loader.
InfoWatch
AI is already actively changing the format of interviews: from generating tasks and evaluating candidates to attempting to replace interviewers. We will show real examples of AI agents, explain how job seekers themselves use AI (not always honestly), and provide practical tips on how to leverage these technologies for your benefit and avoid falling into traps.
I'll tell you what challenges and problems we faced during the migration.
Koronatech
The talk is devoted to the concept of Env tests, their role in the architecture of operator development, the practical advantages of implementation, as well as internal use experience, including limitations and ways to work with them.
RSHB Digital
Many people pay excessive attention to TMS, forgetting about the original purpose of our work — to ensure the quality of products, preferably at the lowest cost. In the talk, we will analyze and compare different ways of organizing the work of QA engineers with an emphasis on Test cases as Code for large and fast-growing teams.
Ozon Bank
How to easily transfer the infrastructure from x86 to ARM, run Android 15 emulators in 12 threads... and along the way, write your device farm.
Let's talk about an application that consists of several parts: two mobile versions, a web interface, and a Bluetooth device for monitoring the fetal heartbeat. I’ll share how to work with this kind of ecosystem and will also touch on the specific challenges a QA specialist faces when testing with Bluetooth devices.
Effective
I'll show you real-world examples of API attacks that can lead to system compromise, data disclosure, and unwanted actions. I will analyze several different attack cases: direct and indirect implementation of a prompt, role-playing, context change using contextual tokens.
Let's look at how the isolation of Python and similar languages can introduce unexpected flaky behavior into API tests.
We'll condiser the terminology, analyze flaky behaviour caused by language and framework features; we'll look at specific examples: why it seems "ok", where the problem is, how to fix it, how to avoid it.
Ozon Bank
Let's talk about how operating systems appeared and developed. We will also talk about the specifics of operating system migration, nuances and bottlenecks in operating system testing processes, as well as migration issues between different operating systems. We'll share the cases that we encountered.[Uploading file...Thu Sep 04 2025 15:49:33 GMT+0300 (GMT+03:00)]
Sber
We'll look at what types of tests are used in the pharmaceutical industry: from cellular systems that allow you to literally look inside a cell and see the action of a molecule, to computer tools and software validation.
BIOCAD
I'll tell you what makes testing on a production line different from other types of testing; I'll show you what these test benches look like for different devices, and I'll tell you why each one is unique.
Yandex
КОРУС Консалтинг
AI agents are autonomous systems that perceive the environment, make decisions, and perform actions to achieve goals. In the talk, we will analyze specific technologies.: how agents use RAG to save memory, work with external tools via API, and coordinate in multi-agent systems.
Allure Team
Sometimes testing is just one button short—so let’s add it ourselves. I’ll show how to build a QA-focused browser extension: autofilling forms, sending HTTP requests, interacting with the DOM, running quick checks, and saving settings.
2ГИС
Testing speech synthesis is not the same as testing an API. There are no fields in JSON, instead there is audio, which sounds a little different each time. You will learn how QA can build E2E tests for speech synthesis and what tools turn chaos into a system.
T-Bank
How we can (and should) leverage QA tools, artifacts, and processes to level up our Application Security.
I'll show you a real-world success story: how we built a completely automated tool for hunting IDOR vulnerabilities. I'll also share key insights on Dynamic Application Security Testing (DAST), specifically why understanding business logic and context is far more critical than the tools themselves.
Ozon Fintech
I'll talk about PWA (what it is, how it's technically arranged), and how such applications work with various system APIs on phones.
The main part of my speech will be about the nuances of PWA test automation and how Playwright can be useful for us in such a case.
Ozon Bank
I'll tell you about developing a plugin in the IDE, and the related issues.
I'll talk about the new functionality of the explyt-test plugin for IntelliJ IDEA which allows you to capture real-world Java/Kotlin code executions and automatically generate full-fledged tests based on them.
Explyt
The talk contains a guide to accessibility testing with TalkBack: how to enable, what and how the interface should sound, and how to avoid typical errors.
Sber
Why is it important to test passive system behavior and what tools and methods to use for this.
Cinimex
I will tell you about the development of test data generation: from manual work and static generation with a template engine to fully automated one through AI agents with dynamic adaptation to changing conditions.
Sber
A ready-made solution that allows you to objectively evaluate the performance of the frontend, both client and server. I will share my practical experience in building monitoring, which will replace subjective assessments and help identify problems before user complaints.
2GIS
This talk is not about geography, but about how to test integrations when "half of China" passes through your "test bed" per day.
Ozon Bank
What types and tools of testing are critically important for web analytics; what techniques and tools exist for validating data in popular systems, and how to minimize key risks: data loss, metric distortion, performance and privacy issues.
ASTON
I'll tell you what types of autotests we covered various functions with and what tools we used to get the best result in terms of coding costs to get full coverage.
Ozon
Implementing automation in testing of physical devices is a difficult task, especially when it comes to complex systems with a tight bundle of hardware + software. In the ATM development department, we encountered this problem when standard manual testing of ATMs began to significantly increase the delivery time, and we realized that it was time to look for a new approach.
T-Bank
Can swearing work like doping and even save a life? Is it true that it destroys DNA, or is it just a myth? Why did swearing turn out to be "bad" at some point and how is it treated today?
Summing up the results of the conference, remembering the highlights and talking about plans.
We are actively adding to the program. Sign up for our newsletter to stay informed.