Remember these? One year on. Before ✨ stars ✨ every ✨ day!

Cognitive complexity is a software quality metric that quantifies the mental effort required to understand code. The cognitive complexity meaning refers to how difficult it is for an engineer to read, comprehend and work with a piece of code.The cognitive complexity function encompasses several key elements. Cognitive complexity starts with a base score of zero and adds points for specific code patterns: decision points, nested level, flow interruption, recursion, and logical operators. The total score reflects how challenging the code is for a human to follow. For example, a simple if statement adds 1 point. That same if statement nested inside a loop adds 2 points (1 for the condition, +1 for nesting). A nested if with multiple logical operators could add 3-4 points.High cognitive complexity slows development, increases bugs and makes code harder to maintain.Cognitive complexity is one of the most overlooked barriers to developer productivity. When code becomes difficult to understand, it slows down every part of the development process: debugging takes longer, modifications are more likely to introduce bugs and onboarding new developers becomes a costly exercise in confusion. This also applies to testers working on test automation: debugging test failures takes longer, modifications are more likely to introduce complexity, duplication or code that does not represent the desired behaviour of the system under test and onboarding new people to work on the automated tests becomes a costly exercise.

The OpenAPI Specification (OAS, formerly Swagger Specification) defines a standard, language-agnostic description format for HTTP APIs, typically written in YAML or JSON. An OpenAPI file allows you to describe your entire API, so that users can understand the capabilities of the service without access to its source code, or through network traffic inspection. OpenAPI Specifications typically including available endpoints (/users), operations on each endpoint (GET /users, POST /users) and operation parameters (input and output for each operation).

The National Cyber security Centre (NCSC) define penetration testing as: a method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might. Penetration testing should be viewed as a method for gaining assurance in your organisation's vulnerability assessment and management processes, not as a primary method for identifying vulnerabilities. A penetration test should be thought of as similar to a financial audit. Your finance team tracks expenditure and income day to day. An audit by an external group ensures that your internal team's processes are sufficient. 

A database schema defines how data is organised within a relational database. The schema includes table names, fields, data types and the relationships between these entities. Schemas and entity relationship diagrams act as valuable documentation and should be used by testing professionals to ensure data can be used by stakeholders, duplication is not introduced and the systems that utilise the database are as performant as possible.

Testers who don’t have an automation background might be unsure about the term ternary operator, which in many programming languages is a logical operator that evaluates a condition and returns the result of one of two expressions (depending on whether the boolean expression evaluates to true or false). It follows the format:variable = (condition) ? expressionIfTrue : expressionIfFalse;A ternary operator is often used to replace simple if else statements, replacing multiple lines of code with a single line. For example, this section of code returns “good day” if the hour is less than 18:00 and good evening between 18:00 and midnight. if (time < 18) { Console.WriteLine("Good day."); } else { Console.WriteLine("Good evening."); } A ternary operator can be used, with the exact same functionality: string result = (time < 18) ? "Good day." : "Good evening."; Console.WriteLine(result);

In web development, 'client side' refers to everything in a web application that is displayed or takes place on the client (end user device), for example content from markup languages (like HTML and CSS) which are interpreted by the browser. This includes what the user sees, such as text, images, and the rest of the UI, along with any actions that an application performs within the user's browser.As most websites will include client-side processes, moving away from doing everything on the server side, testers should ensure client-side validation cannot be bypassed e.g. by validating that required fields, format checks and limits enforced in the UI can’t be bypassed by disabling JavaScript, modifying requests or using developer tools. Other client-side testing should include ensuring the server does not trust client-calculated or client-provided values, especially when these relates to prices, totals or permissions. Security vulnerabilities can also be introduced by client-side logic such as exposing secrets (in JS, local storage or session storage), sensitive logic (in JS) or being susceptible to to XSS due to improper encoding.

A Command-Line Interface (CLI) is a text-based interface that allows users to interact with software or operating systems by typing commands into a terminal or console. Instead of using UI elements (buttons, menus, date pickers), users issue structured commands with options and arguments to perform tasks.Testers may use the CLI in a variety of use-cases: Running tests e.g. npx playwright test landing-page.spec.ts Environment setup e.g. docker-compose up -d test-db Searching logs e.g. grep -i 'my-error-here' * 

Eager loading, which is the contrasting development term to lazy loading, means loading all the data you need ahead of time (rather than loading related data only when accessed).For example, registered guests have associated reservations. When the hotel staff search for a guest (from the database or back end), you can eager load all the reservations as well.Eager loading everything can; slow down queries and increase memory usage, so tests should verify that only the required relationships (reservations) are loaded.Advantages and disadvantages from https://wolf-of-seo.de/en/what-is/eager-loading/Eager loading offers several advantages that can significantly improve the efficiency and performance of a website: Reduction of queries to the database: Through the eager loading all required data is loaded in a single query. This avoids multiple database queries, which significantly reduces the server load. Accelerated loading times: As fewer database queries are required, the response time of the website considerably. This leads to faster loading times and a better user experience. Improved scalability: By reducing database queries, the site is better able to handle larger amounts of data and remain scalable even as the number of users increases. Better performance for complex queries: If complex queries with many relationships between tables need to be performed, you can use eager loading to improve performance by loading all the required data at once. Eager loading also has some disadvantages that you should be aware of and test for: Possible performance: Eager loading can lead to an increased memory and processing load, since data must be loaded and cached in advance. If the amount of data is very large, this can negatively affect the performance of the application. Data inconsistency: In some cases, the eager loading lead to data inconsistencies. For example, if changes are made in a relation after the data has already been loaded, inconsistencies may occur between the already loaded data and the updated data. Complexity: Implementing eager loading can be more complex than simply loading individual data. It requires a deeper understanding of the database structure and the relationships between entities.

Connascence is a software quality metric invented by Meilir Page-Jones to allow reasoning about the complexity caused by dependency relationships in object oriented design (much like coupling did for structured design).Connascence quantifies the degree and type of dependency between software components, evaluating their strength (difficulty of change) and locality (proximity in the codebase). Two objects are connascent if object A cannot be changed without changing object B.The methodology details mine common ways of how code logic can be coupled, which are either static or dynamic. The static ones are name, type, meaning, position and algorithm. The dynamic ones are execution, timing, values and identity. A static type can be discovered by visually looking a the codebase. A dynamic type is detected at runtime and is more complex to determine.

Zero-indexed means the ordering starts at zero. A zero-indexed array starts counting positions from 0 instead of 1 so in the array ["a", "b", "c"], "a" is at index 0, "b" at index 1 and "c" at index 2.Because developers know that arrays (list) count from zero, a common bug can occur from the requirement to “select the 3rd item in the list” where an API uses zero-indexed positions. This is another example of an assumption that technical development teams might make, which is likely to differ from users expectations of the system under test.