Schedule

We will talk about automatic analysis of changes in the development source code to determine changed endpoints and operations to select the minimum number of tests to run for release. We will learn about AST, LSP, working with trees, changes within git diff, asynchronous operations.

Many people pay excessive attention to TMS, forgetting about the original purpose of our work — to ensure the quality of products, preferably at the lowest cost. In the talk, we will analyze and compare different ways of organizing the work of QA engineers with an emphasis on Test cases as Code for large and fast-growing teams.

Let's look at how Python and pytest can introduce unexpected flaky behavior into API tests.

We'll condiser the terminology, analyze flaky behaviour caused by language and framework features; we'll look at specific examples: why it seems "ok", where the problem is, how to fix it, how to avoid it.

Testing speech synthesis is not the same as testing an API. There are no fields in JSON, instead there is audio, which sounds a little different each time. You will learn how QA can build E2E tests for speech synthesis and what tools turn chaos into a system.

I'll talk about PWA (what it is, how it's technically arranged), and how such applications work with various system APIs on phones.

The main part of my speech will be about the nuances of PWA test automation and how Playwright can be useful for us in such a case.

Why is it important to test passive system behavior and what tools and methods to use for this.

I'll tell you what challenges and problems we faced during the migration.

Let's talk about how operating systems appeared and developed. We will also talk about the specifics of operating system migration, nuances and bottlenecks in operating system testing processes, as well as migration issues between different operating systems. We'll share the cases that we encountered.[Uploading file...Thu Sep 04 2025 15:49:33 GMT+0300 (GMT+03:00)]

Sometimes testing is just one button short—so let’s add it ourselves. I’ll show how to build a QA-focused browser extension: autofilling forms, sending HTTP requests, interacting with the DOM, running quick checks, and saving settings.

I'll talk about the new functionality of the explyt-test plugin for IntelliJ IDEA which allows you to capture real-world Java/Kotlin code executions and automatically generate full-fledged tests based on them.

I'll explain how automation works in Linux in a simple and clear way. And finally, I'll show you how to integrate Playwright's stylish tracing into any framework.

AI is already actively changing the format of interviews: from generating tasks and evaluating candidates to attempting to replace interviewers. We will show real examples of AI agents, explain how job seekers themselves use AI (not always honestly), and provide practical tips on how to leverage these technologies for your benefit and avoid falling into traps.

I'll show you real-world examples of API attacks that can lead to system compromise, data disclosure, and unwanted actions. I will analyze several different attack cases: direct and indirect implementation of a prompt, role-playing, context change using contextual tokens.

AI agents are autonomous systems that perceive the environment, make decisions, and perform actions to achieve goals. In the talk, we will analyze specific technologies.: how agents use RAG to save memory, work with external tools via API, and coordinate in multi-agent systems.

I'll tell you about developing a plugin in the IDE, and the related issues.

I will tell you about the development of test data generation: from manual work and static generation with a template engine to fully automated one through AI agents with dynamic adaptation to changing conditions.

Many mobile testing engineers limit themselves to mechanically clicking on the screen. But behind quality testing there is a clear system, and knowledge of this system distinguishes high-level specialists. Let's look at how the basic components of Android applications are directly related to testing and how understanding them helps find bugs that others miss.

How to easily transfer the infrastructure from x86 to ARM, run Android 15 emulators in 12 threads... and along the way, write your device farm.

The talk contains a guide to accessibility testing with TalkBack: how to enable, what and how the interface should sound, and how to avoid typical errors.

I'll tell you what types of autotests we covered various functions with and what tools we used to get the best result in terms of coding costs to get full coverage.

This talk focuses on Broken Access Control (BAC) originating from business logic vulnerabilities. Using examples from bug bounty programs and real-world projects, critical issues will be examined: default permissions, integration, auto-renewal, permission collisions, revoked permissions, sequence problems, and “overheating”. The goal is to develop “hacker's mindset” for identifying and preventing hidden logical attacks on access control.

I'll show you real-world examples of API attacks that can lead to system compromise, data disclosure, and unwanted actions. I will analyze several different attack cases: direct and indirect implementation of a prompt, role-playing, context change using contextual tokens.

How we can (and should) leverage QA tools, artifacts, and processes to level up our Application Security.

I'll show you a real-world success story: how we built a completely automated tool for hunting IDOR vulnerabilities. I'll also share key insights on Dynamic Application Security Testing (DAST), specifically why understanding business logic and context is far more critical than the tools themselves.

Let's look at bugs of mobile web and PWA and where they come from. I'll show you the tools for testing web and PWA on real devices.

Let's talk about an application that consists of several parts: two mobile versions, a web interface, and a Bluetooth device for monitoring the fetal heartbeat. I’ll share how to work with this kind of ecosystem and will also touch on the specific challenges a QA specialist faces when testing with Bluetooth devices.

What types and tools of testing are critically important for web analytics; what techniques and tools exist for validating data in popular systems, and how to minimize key risks: data loss, metric distortion, performance and privacy issues.

How to implement RFC 9411 NGFW load testing using the open source Cisco TRex loader.

A ready-made solution that allows you to objectively evaluate the performance of the frontend, both client and server. I will share my practical experience in building monitoring, which will replace subjective assessments and help identify problems before user complaints.

The talk is devoted to the concept of Env tests, their role in the architecture of operator development, the practical advantages of implementation, as well as internal use experience, including limitations and ways to work with them.

This talk is not about geography, but about how to test integrations when "half of China" passes through your "test bed" per day.

I'll tell you what makes testing on a production line different from other types of testing; I'll show you what these test benches look like for different devices, and I'll tell you why each one is unique.

Implementing automation in testing of physical devices is a difficult task, especially when it comes to complex systems with a tight bundle of hardware + software. In the ATM development department, we encountered this problem when standard manual testing of ATMs began to significantly increase the delivery time, and we realized that it was time to look for a new approach.

Why we need game engines at all and why we at Blackhub Games decided to create our own.

Sharing TechRadar results.

We'll look at what types of tests are used in the pharmaceutical industry: from cellular systems that allow you to literally look inside a cell and see the action of a molecule, to computer tools and software validation.

We'll talk about what is included in the responsibilities of a test automation engineer and what is not. What can they do besides their main duties and what conditions should be created for this. Together with you we will discuss  work experience and development in this role.

The Heisenbug Program Committee invites you to an unusual quiz where familiar topics — movies, music, and logic — will be related to testing. There will be rounds with unexpected switches, questions that will test your attention and intelligence, where the speed of thought and the ability to find non-standard answers are important.

Can swearing work like doping and even save a life? Is it true that it destroys DNA, or is it just a myth? Why did swearing turn out to be "bad" at some point and how is it treated today?

Summing up the results of the conference, remembering the highlights and talking about plans.