This session explores how QA techniques like negative testing, session validation, and role switching can uncover vulnerabilities that typical checks might miss. You’ll see real proof-of-concept attacks in action, including request tampering and SSL pinning bypass. The session bridges theory and practice with hands-on demos that highlight actual risks. You’ll walk away with practical defenses you can apply immediately in your Mendix apps.