.jpg)
Amsterdam is celebrating a milestone this year: 750 years since its founding. To mark the occasion, the city is hosting numerous events, with one of the most ambitious being A10 FEST, a free party held directly on Amsterdam’s main highway, the A10, on June 21st, 2025. This isn’t just any street party: it is a once-in-a-lifetime event on a road that typically sees over 110,000 vehicles a day.
Stretching across 15 kilometres of the highway, the event features 25 unique experiences curated by over 200 Amsterdam-based creators and organisations. Visitors can dive into a vibrant blend of music, sports, art, dance, food, and family-friendly activities - a true celebration of the city’s creativity and community spirit.
Unsurprisingly, demand for tickets to this once-in-a-lifetime event was sky-high. Audience research revealed that nearly 600,000 people expressed interest in attending.
On the morning of Wednesday, May 21st (exactly one month before the party), the Municipality of Amsterdam opened up ticket registrations through a dedicated landing page. Reports indicate that over 250,000 tickets were made available for staggered time slots: morning, afternoon, and evening.
At 10:00 AM, thousands of party-people logged on simultaneously, eager to claim their spots. What happened next was a textbook example of what not to do when launching a high-traffic digital event.
A Crash in Confidence
The website buckled almost immediately under the pressure. It experienced an unanticipated surge of traffic far beyond its threshold, resulting in crashes, errors, and users staying in line for a long time. Even worse, some bad actors that managed to get through the queue quickly identified flaws in the system. The ticketing site lacked basic input validation and bot mitigation measures, allowing users to bypass limits using multiple email addresses and fake phone numbers to hoard dozens of tickets. These are issues that can be easily detected and blocked through standard QA practices and automated test cases.
Performance tests can also simulate concurrent user loads (using tools such as JMeter, Locust, or k6) and would have exposed these breaking points ahead of time. Yet, it appears none were conducted at a meaningful scale.
Some of the technical oversights include:
- Lack of effective rate limiting: Stronger session and cookie management would have made brute-force-style attacks more difficult.
- Lack of CAPTCHA or bot detection measures to filter automated activity.
- Absence of server autoscaling, or lack of pre-scaled infrastructure: Servers should have either been prepared in advance to handle peak traffic or configured with autoscaling policies. Additionally a global rate limit should have been applied to cap the number of concurrent requests hitting the server.
Avoiding a Digital Disaster
This wasn’t just a glitch. It was a failure of planning, process, and priorities. So how can you avoid this kind of high-profile failure?
1. Load and Performance Testing
Any website expected to handle high volumes of traffic, especially when dealing with something as compelling as free tickets, must undergo load testing. Tools like Apache JMeter, Gatling, and k6 allow you to simulate tens of thousands of concurrent users to identify the infrastructure’s breaking point.
Testing should include:
- Baseline load (average usage),
- Stress load (max expected + 50%), and
- Spike load (short bursts of high volume).
A robust cloud infrastructure (e.g., AWS, Azure, or GCP) should also include autoscaling policies and global CDN distribution to absorb traffic and prevent localised outages.
2. Integrate Quality Assurance and Test Engineering Early
Bringing QA in at the start, not as an afterthought, is vital. Test engineers focus on ensuring critical paths like user sign-up, ticket booking, and email verification are airtight. That includes:
- Input validation to prevent abuse,
- Edge case testing for multiple browsers/devices,
- Security testing to detect common vulnerabilities (like mass ticket farming),
- Automation testing for fast feedback loops on UI flows,
- Unit and integration testing to confirm backend logic is sound.
It’s not just about finding bugs. It’s about preventing chaos.
Reputation is Priceless
The result of this fiasco? Outrage, confusion, and disappointment. With tickets now circulating for over €200 on resale sites - despite being initially touted as free tickets - the public’s trust in the municipality’s ability to host the event is waning. If the website crashed so dramatically, what confidence do people have that the event itself will run smoothly?
From a software testing perspective, this outcome was entirely preventable. We’ve seen it time and again: rushed deployments, weak quality gates, and a lack of proper testing lead to avoidable public fallout.
So, ask yourself: is the cost of professional QA and performance testing really too high? Or is the cost of reputational damage, public backlash, and media embarrassment even higher? When quality is seen as an investment and not an afterthought, events succeed, systems scale, and people remember your event for the right reasons.
Ready to protect your organisation's reputation?