Frontend и Backend, Database, DevOps, Highload, Mobile, Security, Requirements management, Testing, Project Management and Production for project managers, web-producers and programmers.

As well as Advanced Engineering and Machine Learning.


Oleg Bartunov
CEO @ Postgres Professional

Oleg Bartunov will speak about his way from a simple astronomer to a world-famous developer via his participation in the open source project PostgreSQL. Working in large corporations, the programmer becomes a cog in a huge machine. But creating open source software, a person keeps his identity, and sometimes has even larger professional prospects than in a commercial company. Position and career of an Open Source developer do not depend on the company management, everything is transparent here and depends only on personal contribution. Working in Open Source brings a sense of engagement in creation of a product that will be used by millions of people around the world. Oleg Bartunov will talk about his personal experience in IT-sphere, from student years at physics department at Moscow State University, astronomy studies at SAI and Santa Cruz (USA) to involvement to the international community of PostgreSQL developers and founding Postgres Professional.

Arthur Gainullin
Head @ Cryptogramm
  • What is a digital imprint and why it is important to take care of it since young age.
  • How corporations and cybercriminals get and use our data, and how we can prevent it (if we need it at all).
  • Why everything that happens on the Internet stay there forever.
  • A bit of history, real cases and practices.
  • By tradition: tips for paranoiacs.

Valentin Bartenev
Core Developer @ NGINX, Inc.

In September 2017, we released the initial beta version of our new open-source project NGINX Unit, which is now in process of active development. It is based on the unique new generation architecture and is currently able to function as a flexible and effective Application Server. From this lecture you will learn: why the new server was created, what its key advantages are, what capabilities it already offers, and what tasks it is able to perform. You will also learn about its architecture and, if time allows, its user-friendly JSON RESTful control interface that makes you able to handle your Web applications quickly without connection losses and service interruptions.

Kyrill Shipulin
Researcher @ Positive Technologies
Nizhny Novgorod
  • Why IDS is like a Swiss knife for protecting the network.
  • Signatures vs Heuristics.
  • Case study: write signatures for exploits and malware.
  • Many practical examples.
  • Bypassing IDS systems

Nikita Baksalyar
Rust-developer @ MaidSafe
Nizhny Novgorod
  • Introduction: what is Ethereum and how it works (blockchain, P2P network, transactions, smart contracts and virtual machine).
  • Solidity, ABI and function calls.
  • Security and non-strict typification in Solidity.
  • Logic errors in Solidity.
  • Case study: removal of the system library from the Ethereum network.
  • Case study: hacking Parity MultiSig.
  • Decompilation of Solidity (Porosity).
  • Serpent and vulnerability in the Compiler.

Konstantin Shakurov
Analyst, PM, Product Manager @ SimbirSoft
Aleksey Florinskiy
Deputy Director @ SimbirSoft

Do a project for a customer or for users who bring money to customer?

Why a UX specialist is needed while the project has an analyst?
Can we do without either?
How not to get customer tired of a crowd of people on the project?

In the lecture, we will answer these questions, tell about how to share responsibility and not to get “Chinese Whisper”, and demonstrate that a demanded product can be made on the first try, without the risk of major changes thereafter.

Alexander Shimansky
CEO @ StomPro

The development of any large product involves close interaction of development teams and customers.

What is a "test pad" and how can it save you nerves and time?

How not to get lost on tons of edits, how to run a project and modify it at a working enterprise changing its business processes, how not to lose the main goal among the many small bonus features and how to identify the needs of the majority?

We will tell you how to structure teams, collect quality data, establish communication between experts, and most importantly how to survive at the time of implementation.

Maksim Karev
Head of Business Intelligence @ IBS SOFT LLC

Nowadays many people want to be data scientist – i.e. analysts or, in other words, data researchers. Although this specialization has gained popularity and ignited much hype, many of those who want to become analyst or potential candidates for this job are not sure about or do not have a full understanding of how demanded this specialization will be in actual business in the immediate future. Some believe it is just a swing of fashion’s pendulum and its peak will soon pass by, others are confident that this is only the beginning, and that the future is here. In my lecture, I would like to tell you about day-to-day realities of this profession as they currently are, and to share my thoughts about the past, the present and the future of this profession in terms of actual IT consulting projects.

The lecture should be interesting, first of all, to beginner specialists, or to those who have heard about this field before and think about working in it. Also, my lecture might be interesting to business people (from oil and gas industry, metal production and energy) because it provides examples of implementation of real projects with use of advanced analysis and machine learning tools.

Sergey Popov
Production Director on Layout @ HTML Academy
St. Petersburg

Grid Layout has been with us for almost a year, but nevertheless, many people still talk about it in whisper, they are afraid to speak about it, and even more so - to use this technology. BIt os basically due to the fact that many developers give advice and judge technology, without using it. I will show popular questions about Grid Layout that are asked in the network, and give honest answers to them.

Arthur Badretdinov
Senior Mobile Engineer @ Vyng

In 2012, Uncle Bob described the Clean Architecture approach, which is designed to save developers from a headache when testing the system, changing the database or the way information is displayed. The approach is based on a standard multi-layer architecture, describing the responsibilities of each layer.

The report examines the application of the Clean Architecture approach in an Android project, where the presentation level is divided according to the MVP pattern. It will be useful both for those who are just beginning to study this question, and for those who already use it. The report considers the basic properties of the approach from the static and dynamic position, its advantages and disadvantages.

Badin Mikhail
WAF-master @ Wallarm
  • Why do we need fast WAF?
  • The stages of package processing in WAF.
  • Why is asynchronous query processing better than others?
  • Tokenization at the max.
  • Fast filtering on slow regexes.
  • What do you need to know about traffic while post-processing?

Aleksandr Serbul
Head of Integration and Implementations Quality Control @ 1C-Bitrix
Friends, we all have heard about Bid Data… But when it rushes to your company all of a sudden, fills all you free space, chases you in your nightmares and attacks from back alley, – that’s when you really want to learn techniques for dealing with Big Data, to write very robust and quick code and use readily available open tools to the fullest!
If you have made your mind up and are now ready to come to know the Zen of Big Data – then welcome to our lecture.

The lecture will tell about special features of lambda-architectures, Amazon Lambda micro services platform, and also pitfalls and successes with Node.JS and multithreaded Java. We will address the topic of efficient development and testing of reliable and stable multithreaded code.

We will share the experience of organizing an intermediate differential storage and tell you about the difficult choice to make among LMDB (lightning memory-mapped database), LevelDB (used in Bitcoin blockchain), Apache Derby and Berkeley DB.

We will tell you in detail about the tricks of using queuing infrastructure on the basis of Amazon SQS, NoSQL inв DynamoDB and system monitoring to prevent client data losses and minimize data center malfunction and failure risks.

The lecture will also be useful to developers of highly loaded and multithreaded systems who deal with large amounts of data under in challenging environments where they have to ensure high levels reliability and fault tolerance. Also, information that will be given in this lecture will be useful to managers who have to achieve specialized objectives of data storage and replication in distributed cloud projects.

Aleksandr Serbul
Head of Integration and Implementations Quality Control @ 1C-Bitrix

The lecture will tell about pilots and operational projects that have been implemented by his company using various common and "rare" machine learning algorithms: from recommender systems to deep neural networks. He will address technical implementation on java (deeplearning4j), php, python (keras/tf) platforms using Apache Mahout (Taste), Apache Lucene, Jetty, Apache Spark (including Streaming) open libraries, and an array of tools available in Amazon Web Services. He will tell why certain algorithms and libraries are important, where they are applicable and why they are demanded in the market.

We will review projects already implemented:

  • Clustering Bitrix24 users with Apache Spark;
  • predictive churn rate and CLV calculations, and other business metrics in Big Data and High Load environment;
  • collaborative recommender system with >20,000 e-stores;
  • commodity catalog clustering using LSH;
  • content-based recommender service for >100 M RuNet users;
  • neural net-based Bitrix24technical support calls classifier ( in addition to n-gramm models, we will also discuss pilots with one-dimensional convolution);
  • auto reply chat bot based on neural net that joins question and answer semantic spaces;
  • Face recognition subsystem and its use in e-commerce and CRM;

This lecture will be useful to both high-load system developers who use neural nets and other artificial intelligence systems, and managers who achieve specialized business objectives.

Alexandr Emelyanenkov
iOS developer @ Redmadrobot

The report is about the security of mobile applications.

We will freshen up in memory which data transfer protocols a mobile application uses when communicating with the server, and also how the symmetric / asymmetric encryption, the public key infrastructure and https work and what problem they solve. We will consider the ‘man in the middle’ attack type and learn how to protect from it in a mobile application.

In addition, we will get acquainted with such irreplaceable tools as Wireshark and Charles.

Vasiliy Soshnikov
Head of development group @ Mail.Ru Group

NginX is a fundamental element in almost any project.

Today, many people know how to configure NginX, write lua scripts, use it as proxy. In other words, solve problems without going beyond nginx.conf, and in most cases this is enough.

But with the growth of the project or within the framework of a certain business task, there may be a need for the NginX-module. And then there are questions and problems:

- How to write NginX-modules?

- What are the special features?

- How to deploy?

- Why are there no examples, and if there are some - they are obsolete ones?

In this report I will talk about the features of development under NginX.

We’ll start with the features of the memory model, phases of processing the request/content, and finish with the answer to the question: "When do you need your NginX-module?".

Audience: Architects, Developers

Alexandr Emelyanenkov
iOS developer @ Redmadrobot
Fedor [WireSnark]
@ DEF CON Nizhny Novgorod
Nizhny Novgorod
Roman Ananev
Head of some departments @ Simtech Development

We’ll consider the ways to get the MITM-position, conduct classical attacks on HTTPS in the browser (SSLStrip +).
We will learn to detect vulnerabilities of HTTPS-clients at the example of an Android application. We will also speak about mistakes in client-server communications.

For the workshop you will need:
  • The laptop from which you will hack the application;
  • The phone on which you will hack the applications.

Android part of the workshop will require phone with Android and such programs as bettercap, mitmproxy, openssl, adb and Android Studio (optional). It is recommended to use Kali Linux (can be live).

Roman Soroka
Project Manager @ Epam Systems

We will look at the vulnerabilities of various complex systems from software that has become history to today’s known IT solutions. We’ll talk about what should be considered when developing the architecture in terms of vulnerabilities. Do not forget to talk about control and accounting. The report will be interesting to all those who are interested in security testing or just want to know whether it is possible to take loans from banks in cash with 0% per annum.

Ruslan Zhafyarov
Project manager @ UNITS

- Vulnerability of SSL / TLS-certificate checking.

- Vulnerable software, libraries and their safe alternatives.

- Some information for paranoiacs :)

Andrey Morozov
@ Yandex.Maps

The modern world of front-end is changing with cosmic speed: demands are constantly growing, approaches are changing, new opportunities are emerging. Every year new ECMAScript standards are issued, every few months new technologies and libraries appear. In my report, I want to talk with you about how not to get stuck in legacy, but to keep up with the time. We'll discuss the history of the technological stack development, how we came to open source solutions, what difficulties we had on this way and how we coped with them.

Artem Nechunayev
Frontend Developer @
Moscow develops several products which all have their its own technological stack and unique audience. To quickly and effectively solve the problems of users of each product, it is important to know how the application behaves in a browser. The task to receive and process information in several directions:

— collecting and responding to the client part application errors;

— collection telemetry, i.e. analysis of user behavior on the page and conducting AB campaigns;

— application profiling - collection of performance metrics.

In this report, I will tell you what tool we have developed to address these issues, how it works, what problems we faced and how we solved them.

Tikhonov Pavel
iOS developer @ Mobile Dimension

I will talk about the implementation of CoreData Progressive Migration on the of Pregnancy Calendar project. We got involved in migration, as there were tasks related to the registration and authorization of users and there was a need to synchronize data between devices. My report will not cover Progressive Migration in theory, but how it all works in practice and what you should be aware of in a real project.

Kirill Klebanov
iOS developer @ Just LLC
Useful Core ML
of Reports

    The lecture will deal with Core ML technology and its capabilities. I’ll show a simple and quick way of integrating machine learning into an iOS application. On the example of image processing and analysis, we will evaluate the effectiveness and applicability of these solutions in real life. We’ll briefly speak about similar solutions for Android.

    Maxim Beloenko
    Marketing @ Google

    In 2017, many had the impression that the problem of DDoS attacks went to IoT as everyone took such great interest in botnets on video cameras. But a year later the situation changed. Attacks broke another bar. We will discuss these changes, their causes, assumptions and consequences, as well as their relationship with the development of the IoT and how to fight it.

    Andrey Alekseyev
    Senior Developer @
    St. Petersburg

    The RxJS Library is like an insuperable wall in the way of studying Angular. We will disassemble it by bricks. We will speak about the main components of the library. Let us analyze problems that can be easily solved by rx. We will see that the frightening words of ‘reactive programming’ hide quite understandable ideas.

    Main theses of the report:

    • Discussion of technical issues related to the use of the "Reactive programming" approach.
    • Examples of practical use for large projects and discussion on the effectiveness.
    • The lecture about the features of various aspects of development using the RxJS Library.