Loads, smartphones, giant companies: Heisenbug 2019 Piter program
The Heisenbug conference has been held for several years, and its main idea remains unchanged: "Testing is not only for testers." But this idea can be implemented in different ways, and each time the program has its own characteristics.
On May 17-18, the next Heisenbug will be held in St. Petersburg . What to expect from reports this time? Under the cut, we went through many of them, highlighting the general trends.
Among the reports, the most noticeable are keynotes that tear off or close the day. They do not have hard hardcore and highly specialized topics (because the audience is sitting in the hall with a different background). But there is a place for unusual ideas, and the familiar picture of the world can be served from a new angle.
- Ivan Yamshchikov is known to many, but mainly not in the testing world. Combining work at ABBYY and research at the Max Planck Institute in Leipzig, he is interested in the creative potential of neural networks (you could hear his project “Neural Defense”) and the work of the human brain. And at the conference he will present the topic “What is in common between testing and data analysis” , presenting just an unexpected view.
- Another speaker from the "neighboring area" - Neal Ford (ThoughtWorks). Neal specializes in architectural matters. At Heisenbug, he will talk about “evolutionary architecture,” which is capable of adapting to changing circumstances. But this does not mean that the word “testing” will not sound at all: we remember what the conference is about. By the way, we previously interviewed Neal for Habr.
- But Jim Holmes may be just familiar to testers. His report will focus directly on testing. But not about a specific technology or approach, but about a global question: how to change the testing culture in a company? Without this massive shift, any particular technology may be worthless. Jim we also interviewed on Habré.
If the keynotes do not require special preparation from the viewer (except for a general understanding of testing), then with the reports marked with the “hardcore” icon in the program, the opposite is true. It's no secret that distributed systems are complicated, and both reports on this topic received a hardcore badge:
- Speaker Jack Wanlightley is both an architect and an engineer. It is not surprising that he is concerned about different categories of errors: design flaws and implementation bugs. And in the report “Systematic Approach to Building Reliable Distributed Systems”, he will tell you how to deal with both of them.
- The theme of distributed systems will be developed by Nisan Haramati . Such systems are dealt with in Wallaroo Labs, where he works, and there they came to the conclusion that, in the case of them, the combination of the principles of property-based testing and end-to-end testing helps. This will be discussed.
This time there is a whole block of security reports:
- Even if you yourself are not connected with it, you may be interested in the report “Vulnerability is a lucky bug” by Artyom Shishkin . Artyom specializes in reverse engineering, works at Intel, loves low-level programming, and here you might think "the report will be for the same people, but I have nothing to do there." But in fact, his speech is designed for testers and developers of all specializations. In the report, Artyom will consider general points: which bugs are more dangerous and why, how to deal with vulnerabilities.
- Another report will also be useful not even deeply immersed in the topic of security. Of course, in 2019 you won’t surprise anyone with the words “XSS vulnerability”, only from the list of common OWASP Top 10 vulnerabilities they have not disappeared, that is, the topic does not cease to be relevant. Over the past year, Ivan Rumak found 54 XSS bugs in vulnerability search programs, including from large companies, and at Heisenbug he will share his search methodology.
- The list of possible threats is not limited to XSS, and Denis Rybin's (Digital Security) report “Request not there” is devoted to another formidable abbreviation SSRF (server side request forgery). This vulnerability is also included in OWASP Top 10. What is it, what is it threatening and how to protect yourself from it?
- If it’s not a specific type of vulnerability that interests you, but “what attack vectors for my application are possible” and “how evil hackers will start their actions in my respect”, a report by Igor Lyrchikov (Digital Security) “Recon and collecting scopes before penetration testing . "
Three reports will approach mobile applications from different angles:
- In the case of Uber, the cost of error is high: for a service of this magnitude, even a minute idle time means huge losses. Therefore, it is interesting to hear from such a company about its approach to testing - and Yuri Dymov will talk about the part that relates to iOS development.
- Timur Khasanov (VKontakte) will also talk about iOS, but not about the approach as a whole, but about a very specific question: about the correct development of UI tests for iOS with native tools.
- But Ang Lee (Google) has a report that isn’t tied to a specific platform: he will talk about the automation of mobile testing in general and consider how using one tool you can test at least Android, at least iOS, even the thermostat.
Three reports will be uploaded properly:
- Those involved in stress testing are not required to represent Alexei Lavrenyuk , who develops open source projects Yandex.Tank, Volta and Pandora. At Heisenbug, he had previously made presentations related to both Volta and Tank , and now it was the turn to deal in detail with the Pandora load generator. How it works and how to write your own Go load script for it yourself? The answers are in the report .
- Many people know how to use Apache JMeter, but do they do it optimally? JMeter is used to test performance, but what about the performance of JMeter itself? Vyacheslav Smirnov (Raiffeisenbank) in his report considers approaches to optimal scripting, which allows saving on load machines.
- Big companies are big loads. Therefore, it is not surprising that the speaker’s report from MegaFon reports exactly about the loads : Vladimir Khonin will talk about how the company approached the stress testing of Unified Billing.
MegaFon has become far from the only large company among those where the speakers of this Heisenbug work. Intel, Uber, IBM, Yandex, Google, Badoo, Salesforce - and this is not a complete list of high-profile names. We have already mentioned some of the relevant reports, and here are a couple more examples of what their employees will talk about.
- From Google as many as two representatives with different topics. We have already written about Ang Lee 's report on test automation in the mobile world, and Andrei Lushnikov will also talk about automation, but in connection with the web and Puppeteer.
- And Vladimir Solodov and Viktor Koronevich from Badoo will talk about their approach to testing payments.
The list of reports does not end there - there are those that are difficult to combine thematically with others. And also in the program changes and additions are possible. Therefore, in order to understand whether you want to attend a conference, it is most reliable to look at the program on the site : there it is always in the most current and complete state. You can buy tickets there - until May 1, they still have a discount.