Nordic Testing Days 2026

As organizations rush to adopt Large Language Models (LLMs), many discover that building reliable, trustworthy applications is far from straightforward. Unlike traditional software, LLM outputs are non-deterministic, context-dependent, and vulnerable to issues like bias, hallucinations, and prompt injection. Ensuring quality requires more than testing—it demands a holistic approach that blends architecture, safety, observability, and continuous feedback. This talk explores practical strategies for embedding quality into LLM-powered systems from the ground up. We’ll cover methods for prompt design, evaluation frameworks, guardrails, and hybrid architectures that improve accuracy and safety. Attendees will leave with a clearer understanding of how to balance innovation with reliability and how to design AI applications that are not only powerful but also consistent, secure, and user-focused.


Key takeaways:

1. Testing LLMs requires new methods, not just old QA practices.Combine automation + human oversight for best results.
2. Build feedback and safety into the system from the start.
3. Quality is a continuous journey, not a release milestone.

Testers often need custom tools - data generators, mock services, internal dashboards, or CI helpers - but building them traditionally requires significant development effort and prioritization. With modern AI-assisted coding, we can now prototype and build these tools themselves, minimizing both engineering and maintenance efforts. In this session, I’ll show real examples of using vibe-coding to create internal testing workflows, interfaces, and CI/CD helpers. I’ll focus on where AI significantly accelerates development, where it introduces risks, and how to apply guardrails to keep these tools maintainable, secure and trustworthy.Rather than promoting “AI replaces engineers,” this talk presents AI as a practical productivity amplifier for experienced testers who understand their systems and constraints.


Key takeaways:

1. How to design and build tester-owned tools using vibe-coding without creating technical debtAttendees will learn how to approach AI-assisted development of internal testing tools (data generators, mock services, dashboards, CI helpers) with clear ownership boundaries, architectural decisions, and sustainability in mind.
2. A realistic mental model for AI-assisted coding in testing workflowsParticipants will gain a clear understanding of where vibe-coding provides real leverage for experienced testers, where it breaks down, and how to critically evaluate AI-generated code instead of blindly trusting it.
3. Practical guardrails for security, maintainability, and long-term useAttendees will leave with concrete strategies for applying constraints - such as validation, code structure, reviews, and documentation - to ensure AI-built tools remain trustworthy, auditable, and safe to evolve over time.

Performance issues often surface only when it’s too late - after deployment, when real users start to feel the impact. Load testing helps prevent that, but many teams still see it as a complex or time-consuming task. This workshop aims to show how accessible and powerful it can be using k6, an open-source, developer-friendly tool designed for modern performance testing.The session starts with a short introduction to the fundamentals of load testing: what it is, when to use it, and the different test types supported by k6 - average, stress, spike, soak, breakpoint and smoke. Participants will also get a quick overview of how k6 works under the hood and how it integrates into a development workflow.From there, we’ll move into a hands-on, guided session, beginning with a simple GET request and gradually expanding it into a complete load testing project. Each step introduces a new concept: adding thresholds and stages, randomizing requests, implementing assertions, handling errors, and organizing the project using npm and Prettier. We’ll then extend the script with multiple endpoints, visualize live results on the web dashboard, and perform authenticated requests using JWT tokens.Throughout the workshop, I’ll share real-world experiences and lessons learned from conducting load tests on different projects—what to watch out for, common pitfalls, and how to interpret the results effectively.Participants will leave with both the theoretical foundation and practical skills to start creating their own performance testing setup using k6. All examples will be built live, and attendees can follow along on their own laptops. Only basic JavaScript knowledge is required.


Key takeaways:

1. Understand the core principles of load testing and how to apply them effectively using k6 in real-world scenarios.
2. Gain hands-on experience building and running performance tests step by step—from a simple request to a full, maintainable testing suite.
3. Learn practical insights and troubleshooting techniques drawn from real project experiences, helping you avoid common pitfalls and get meaningful results faster.

How do you define yourself as a leader? How do you see your leadership? In this personal pitstop we will go over what being a leader means to you. At work, at home, or at your hobby, your leadership skills matter.  They play a huge role in how you perceive the world around you, and how others perceive you. As a leadership coach, I’ve picked up a lot of knowledge on how to help and train people on their leadership skills. In this workshop I’m sharing my best tips.We’ll look at where in your process you currently are, and where you would like to go. We will do this via small games, assessments, and observations from the group. As a group we will help each other. We will set (achievable) goals for you to work on in your ‘Leadership Plan’ that you will take home.


Key takeaways:

1. Assess and identify your leadership styleUnderstand your communication style
2. Create an achievable Leadership Plan to take home (that works!)

Pull requests, aka merge requests, are a goldmine of information that many testers are missing out on. Although pull requests are often seen as a tool mainly for developers, they offer testers an equal opportunity to provide feedback. When joining the review process testers can contribute to the software quality before changes are added to the codebase. They can use their unique perspective to uncover insights that go beyond the code. They will learn more about the bigger picture of the application. And ultimately, testers can apply these observations to their testing and help the team prevent bugs.In this talk, Andrea will introduce how testers can get involved in the pull request review process. She will demonstrate how testers can shift left and proactively engage with the source code changes. The step-by-step approach covers everything from checking policies and standards. It also includes looking at build pipelines, code changes, and unit tests. Starting with the basics, the session gives clear examples at every stage, making it easy to follow along.Andrea will highlight practical examples and insights drawn from real-life experiences, providing actionable tips on how to get the most out of pull request reviews. The session illustrates how testers can analyze pull requests for quality, learn more about the source code, and make a real impact through their feedback.At the end of the session, attendees will have a hands-on guide to reviewing pull requests. They will be ready to take a closer look at their team’s work and discover new insights, just as curious koalas explore branches to find tasty leaves of eucalyptus. It’s time for testers and their teams to realise the untapped potential of making pull request reviews a shared responsibility.


Key takeaways:

1. Understand the elements of a pull request and know about the basic principles of the Git workflow
2. Learn how to shift-left and contribute to the pull request review process
3. By the end of the session, participants will be able to start reviewing pull requests

SummarySecurity testing sounds like it might be best left to the “experts”, whoever they are, but I will share how we can include it in our day-to-day testing. From exploratory testing to API and automated testing, there are things that we can and should be doing.Through this workshop we will learn about the scope of security testing, find out about the automated tools available and then spend some time practicing basic security testing techniques like SQL Injection, Insecure Direct Object Reference and using browser developer tools.Setup- Attendees will need to bring a laptop or pair up. Any browser is fine but Chrome recommended. - Screen & HDMI/equivalent for presenting slide & demos.ActivitiesFor a 2 hour workshop:- IDOR / URL manipulation- Bypassing UI using developer tools- Cross site scripting (XSS)- SQL injectionIf a 4 hour workshop is preferred, I can add in additional activities including analysing session data and a Capture the Flag exercise.

Key takeaways:

1. Recognise that security testing is something that you can & should be doing
2. Identify the "low hanging fruit" security bugs in software
3. Execute basic penetration tests against an online system

Most of us unknowingly carry limiting beliefs about our abilities, often in the very areas where we have the most room to grow! A talented developer won't apply for a senior role because they think “I'm just not a natural leader”, never considering that leadership can be learned. Or a designer brushes off feedback believing, "Either you have an eye for design or you don't." Sound familiar?These are not signs of missing innate talent, but rather the result of a fixed mindset, a belief that your innate talent is set in stone. The good news is that this belief can be changed by adopting a growth mindset, a belief that you are capable of growing and improving. Drawing on insights from Dr. Carol S. Dweck’s pioneering research, this talk explores how a fixed mindset makes us avoid challenges and crumble at criticism, while a growth mindset helps us see both as fuel for improvement. I'll break down the real difference between fixed and growth mindset and we'll do an interactive exercise where you'll experience the shift yourself.The best part? Your potential isn't fixed. You will walk away with a practical strategy to stop protecting your ego and start building the skills necessary to get that senior role and tackling the challenges you've been avoiding.


Key takeaways:

Participants will leave this session with:

1. An understanding of how we overestimate our knowledge
2. A clear distinction between fixed mindset and growth mindset
3. Practical strategies for adopting a growth mindset

Back in 2016 at trivago, we were building a new Selenium-based test framework with Cucumber, but the standard reporting tool wasn't quite fitting our needs. It showed lots of information, but finding the key details about which scenarios failed and why meant digging through charts and stats that weren't really helpful for our workflow. During a company hackathon, I decided to build something more focused on what we actually needed to see.


I used Cucumber's JSON output and some templating to create Cluecumber—a cleaner way to view test results that puts the important stuff up front. It worked well enough that we open sourced it with company backing, and eight years later it's had about 90 releases and is being used by testing teams around the world. It's been rewarding to see something that started as a weekend project actually help other people solve similar problems.


This talk covers the technical choices behind Cluecumber, but focuses more on what I learned from maintaining an open source project. From handling feature requests and common questions to keeping code clean while adding new functionality, plus the benefits of company-backed open source for everyone involved. I'll share why sometimes building your own solution makes sense, what works well for creating tools people want to use, and some insights from eight years of project maintenance.


Key takeaways:

1. Understand why clear and concise reporting of test results is beneficial for all parties of the software development lifecycle
2. Learn about when and where our test reports help in further exploratory testing and bug tracking
3. See why it can be better to reinvent the wheel instead of going with using existing ones

People who practice test-driven development (TDD) often describe it as a powerful approach. And while they make a convincing case, nothing beats experiencing it for yourself. So that's exactly what we'll do in this workshop.


We'll start with a brief explanation of TDD's red-green-refactor cycle. Red: write a test for the next bit of functionality you want to add. Green: write the code needed to make the test pass. Refactor: improve the code and the tests. Next, it's time to put that cycle into practice implementing a fairly simple algorithm. There's very little setup needed, so you can do this in any programming language you like.


In the last part of the workshop you'll share you experiences and your code. We'll reflect on those as a group, drawing lessons from it. And we'll discuss how the red-green-refactor cycle applies, even when you're writing something that's not unit testable, like test automation.


Please complete the setup of this workshop beforehand, by following the instructions in the "Setup for the kata"-section of the workshop repo: https://codeberg.org/joeposaurus/counterstring-codekata#setup-for-the-kata. The absolute minimum setup you need to do, is make sure you're able to write code and tests in a programming languague of your choice.


Key takeaways:

1. TDD lets you take small steps with feedback at every step. 
2. TDD lets you discover the right implementation as you go.    
3. The ideas of TDD still apply when you're writing test automation.

ISO 25010, not the topic that ignites the fire in our test-hearts, right? Non-functional testing and quality characteristics are often seen as a hassle and don’t get the attention they deserve. So, what can we do to make non-functional testing fun? Let’s do something completely different!How about we make a short film script about a quality characteristic of our choice? Let's go!  Pre-screening: We show you some examples of famous films and what they can teach us about quality characteristics. We also explain what these quality characteristics mean and why they are important.   Take 1: Welcome to Testlywood, film crew! Let’s get acquainted. Create your production company and distribute the roles in your film-crew. We will explain you the various roles, such as director, art director, movie critic and others.   Take 2:  Camera, ready, action! In this round you will use a mix of generative AI & human creativity to create your filmscript and upload it to Github. Present it to the group in a 1-minute pitch. The movie critics from the other teams will provide feedback at the end of this take.  Take 3:  Use the feedback movie critics feedback to finalize your filmscript. Your script is done, splendid!  But the audiences still need to know your movie exists. Design a film poster that really captivates your core message. Submit both your filmscript and the poster as an entry for the ceremonies. Post-production:   We summarize what we learned about the quality characteristics and their role in test automation.


Key takeaways: 

1. Learn about the ISO25010 quality characteristics and their part in software testing
2. Use AI as a partner to brainstorm and create something new
3. Collaborate in a team with diverse roles

The software testing profession has been around for approximately 70 years, yet nothing has fundamentally transformed it to deliver on what it was always capable of. The majority of our industry has delivered "glorified clerical work" in the name of testing. Industry reports show that almost 70% of testing capacity is spent on testing-related activities, while only 30% is devoted to actual testing that creates real value.Organizations have been trying to automate away all things testing for decades. It never worked because the real value of testing comes from the intellectual part i.e. asking the right questions, critical evaluation, risk analysis, deep exploration, and informed decision-making. But mastering this craft requires years of investment that organizations see as overhead. Hence, the widespread acceptance of "testing as artefact-building" - easy to automate, but without substantial value.What if you could deliver at scale and speed without compromising the value real testing creates? Agentic Quality Engineering gives every tester access to expert-level thinking without years of investment. AI agents built on 47 years of combined practitioner experience based on the award-winning QCSD (Quality Conscious Software Delivery) framework, context-driven approaches, risk-based thinking, deep exploration techniques - all encoded into 41 specialized skills and 30 purpose-built agents. The agents are self-learning, building institutional knowledge over time. They collaborate with other agents, with humans, and with existing systems. This isn't automation replacing testers; it's accumulated wisdom amplifying what testers can do from day one.


Key takeaways:

1. Expert Thinking, Accessible: Leverage decades of encoded testing expertise without years of personal skill developmentHands-On Agent Orchestration: Configure, understand and run multi-agent pipelines that involve AI agents to support test activities across the entire SDLC. It includes 6 Core Agents, 2 Performance Agents, 3 Strategic Agents, 4 Advanced and 3 Specialized agents. More yet, 11 purpose-built agents for widespread coverage of important testing activities.
2. The PACT Framework: Evaluate agentic quality systems using Proactive, Autonomous, Collaborative, Targeted principles
3. Self-Learning & Collaborative Systems: Understand with practical hands-on how these agents build institutional knowledge and collaborate with humans and systemsProduction-Ready Tools: Leave with a configured environment and open-source framework (MIT license) — nothing held backPersonal Adoption Roadmap: Design a concrete plan tailored to your context with clear first steps

Observability and testing are treated as kind of separate practices in software engineering. Usually in organziation there are testing teams that focus on tests and site reliability teams that monitor applications in production.Testers find bugs before software is released and after the release, when bug occurs, we get that information from SRE teams.What if we could shift the process of monitoring system behaviour a little bit left and combine SRE practices with power of testing?


Key takeaways:

1. How to implement traces, metrics and logs in testing framework.
2. How to set up OpenSource observability backend - Grafana LGTM stack.
3. How to visualize test logs in LokiHow to visualize test metrics in PrometheusHow to visualize test traces in Tempo

Traditional software testing assumes deterministic behaviour: predictable inputs produce expected outputs. Agentic AI systems shatter this assumption. These autonomous agents make independent decisions, learn from interactions, and exhibit emergent behaviours that render traditional unit and integration testing insufficient.This talk examines critical testing challenges through three real-world case studies:Voice AI Agent: Deployed across 20+ corporate environments, this system processes natural speech, maintains conversational context, and autonomously decides what additional information to provide. Traditional testing covered individual components but missed integration issues where the agent would correctly understand "Q3 sales figures" but autonomously add irrelevant market trend analysis.Phone Caller Agent: Handling 5,000+ patient interactions for healthcare appointment scheduling and reminders. Standard integration tests passed, but the agent failed in production when encountering background noise, elderly patients requiring slower conversations, or unexpected human responses that weren't in test scenarios.Chat Agent: Processing 100+ daily customer service conversations with multi-session context retention. While individual NLP components performed well, the integrated agent exhibited unexpected behaviours during complex, multi-issue conversations that spanned several sessions.These case studies reveal five critical testing gaps:Non-deterministic behavior validation – the same inputs can produce different valid outputsContextual decision testing – validating autonomous choices about escalation, information depth, and communication styleMulti-modal integration complexity – components work individually but fail in integrated agent workflowsContinuous learning validation – ensuring agent improvements don't introduce biases or degrade existing capabilitiesReal-world variability simulation – testing across acoustic environments, human communication patterns, and infrastructure variationsThe presentation introduces a practical testing framework specifically designed for agentic systems: Behavioural Goal Testing (testing achievement rather than outputs), Probabilistic Validation (acceptable outcome ranges vs. exact matches), Adversarial Scenario Generation (systematic edge case creation), and Contextual Journey Simulation (multi-session user interactions).


Key takeaways:

1. How to test non-deterministic AI systems with confidenceParticipants will learn how to move beyond exact assertions and design test oracles based on intent, semantics, and properties, enabling reliable validation of probabilistic LLM and agent outputs.Practical frameworks for validating LLMs and multi-agent architectures
2. Attendees will gain hands-on experience testing AI systems across layers, including orchestration, inference, and inter-agent communication, using structured frameworks and real-world scenarios.
3. Actionable tools to operationalize AI quality in productionThe workshop equips participants with Python-based evaluators, red teaming techniques, and automated quality metrics that can be integrated into CI/CD pipelines and governance strategies immediately.

API testing is a core part of modern testing and delivery pipelines, yet it is often misunderstood or introduced too late. This session provides a practical introduction to REST API automation using Python, focusing on what to test, how to structure tests, and how API tests fit into a modern testing infrastructure.The workshop starts with a short overview of API testing fundamentals and common use cases. As a practical part, we'll have a hands-on walkthrough where we write REST API tests covering basic CRUD operations. Attendees will work with Python and the Requests library against a real service with well-documented APIs.I will provide a basic test framework, and we will extend it together by adding and improving tests during the session. The workshop requires Python 3.13+ installed and basic familiarity with Python to read and write test code.