You have written tests for your code and now feel safe because your code is tested. But test quality is really hard to measure. The idea seems to be to introduce “vulnerabilities” (whatever that means…) and see if your tests catch them. If they do that’s supposed to show that the tests are good and vice versa.
If that was a real card I would have hated the font of that 23 so hard