Loads, smartphones, giant companies: Heisenbug 2019 Piter program

The Heisenbug conference has been going on for years, and its main idea remains the same: “Testing is not just for testers.” But you can implement this idea in different ways, and each time the program has its own characteristics.

May 17-18, the next Heisenbug will take place in St. Petersburg . What to expect from the reports this time? Under the cut, we walked through many of them, highlighting general trends.

Keynouts

')
Among the reports, keynotes are the most noticeable, which tear off or close the day. There are no hardcore or highly specialized themes in them (because viewers with different backgrounds are sitting in the hall). But there is a place for unusual ideas, and the usual picture of the world can be served from a new perspective.

• Ivan Yamshchikov is known to many, but mostly not in the world of testing. Combining ABBYY’s work and research at the Max Planck Institute in Leipzig, he is interested in the creative potential of neural networks (you could hear his project “Neural Defense”) and the work of the human brain. At the conference, he will come up with the topic “What is common between testing and data analysis,” presenting a look from an unexpected side.
• Another speaker from the “neighboring area” is Neil Ford (ThoughtWorks). Neil specializes in architectural issues. At Heisenbug, he will talk about an “evolutionary architecture” that can adapt to changing circumstances. But this does not mean that the word "testing" will not sound at all: we remember what the conference is dedicated to. By the way, we previously interviewed Nil for Habr.
• But Jim Holmes may be just familiar testers. In his report, we will talk directly about testing. But not about a specific technology or approach, but about a global issue: how to change the testing culture in a company? Without this large-scale shift, any specific technology may be useless. Jim we also interviewed on Habré.

Distributed hardcore

If keinouts do not require special training from the viewer (except for a general understanding of testing), then with reports labeled “hardcore” in the program, the opposite is true. It is no secret that distributed systems are difficult, and both reports on this topic received a hardcore icon:

• Speaker Jack Vanlightly is both an architect and an engineer. It is not surprising that he is worried about various categories of errors: design flaws and implementation bugs. And in the report “A systematic approach to building reliable distributed systems,” he will tell you how to deal with both.
• The theme of distributed systems will be developed by Nissan Haramati . Such systems are dealt with in Wallaroo Labs, where he works, and there they came to the conclusion that, in the case of them, the combination of property-based testing and end-to-end testing helps. This will be discussed.

Security

This time there is a whole block of security reports:

• Even if you yourself are not connected with it, you may be interested in the report “Armor Shishkin 's Vulnerability is a lucky bug.” Artyom specializes in reverse engineering, works at Intel, loves low-level programming, and then you might think "the report will be for the same people, but I have nothing to do there." But in fact, his performance is designed for testers and developers of all specializations. In the report, Artyom will consider common points: what bugs are more dangerous and why, how are they fighting against vulnerabilities.
• Another report will also be useful even if you are not deeply immersed in the topic of security. Of course, in 2019, the words “XSS-vulnerability” will not surprise anyone, only from the list of common vulnerabilities in OWASP Top 10, they have not gone away, that is, the topic does not cease to be relevant. Over the past year, Ivan Rumak found 54 XSS-bugs in vulnerability scan programs, including those from large companies, and he will share his search methodology on Heisenbug.
• The list of possible threats is not limited to XSS, and the report of Denis Rybin (Digital Security) “The request is not there” is devoted to another formidable abbreviation SSRF (server side request forgery). This vulnerability is also included in the OWASP Top 10. What is it, what does it threaten and how to protect against it?
• If it’s not some particular type of vulnerability that is interested in, but “which attack vectors for my application are possible” and “how malicious hackers will start their actions in my attitude”, then the report of Igor Lyrchikov (Digital Security) penetration testing . "

Mobile Testing

Three reports will suit mobile applications from different angles:

• In the case of Uber, the cost of the error is high: for a service of this scale, even a minute downtime means huge losses. Therefore, from such a company it is interesting to hear about its approach to testing - and Yuri Dymov will tell about the part that relates to iOS development.
• Timur Khasanov (VKontakte) will also talk about iOS, but not about the approach as a whole, but about a very specific question: about the proper development of UI-tests for iOS with native tools.
• But Eng Lee (Google) does not attach a report to a specific platform: he will talk about mobile testing automation in general and consider how with one tool you can test at least Android, at least iOS, even a thermostat.

Stress Testing

Three reports will be downloaded as follows:

• Those who are engaged in load testing are not required to submit Alexey Lavrenyuk , who develops open-source projects Yandex.Tank, Volta and Pandora. At Heisenbug, he had previously made presentations related to both Volta and Tank , and now it’s the turn to deal in detail with the Pandora load generator. How does it work and how can you write your own script for Go? Answers - in the report .
• Many people know how to use Apache JMeter, but do they do it optimally? With JMeter, they test performance, but what about the performance of the JMeter itself? Vyacheslav Smirnov (Raiffeisenbank) in his report considers approaches to the optimal scripting, which saves on load machines.
• Big companies are big loads. Therefore, it is not surprising that the speaker’s report from MegaFon is about loadings: Vladimir Khonin will talk about how the company approached load testing of Unified Billing.

Large companies

MegaFon was far from being the only large company among those where the speakers of this Heisenbug work. Intel, Uber, IBM, Yandex, Google, Badoo, Salesforce - and this is not a complete list of high-profile names. We have already mentioned some of the relevant reports, and here are a couple of examples of what their employees will be talking about.

• From Google, as many as two representatives with different themes. We have already written about Eng Lee 's report on test automation in the mobile world, and Andrei Lushnikov will also talk about automation, but in connection with the web and Puppeteer.
• And Vladimir Solodov and Viktor Koronevich from Badoo will talk about their approach to testing payments.

Rest

This list of reports does not end there - there are those that are difficult thematically combined with others. And in the program changes and additions are possible. Therefore, in order to understand whether you want to go to a conference, it’s most reliable to look at the program on the website : there it is always in the most current and complete state. You can buy tickets in the same place - until May 1, they still have a discount.