Static testing is testing a component or system at the specification or implementation level without the execution of the application under development. Static testing is a process of checking the code, requirements or designing documents without executing code to find errors. This testing method requires programmers or technical analysts to manually read code or use tools to find any errors.
Types of Static Testing
Static testing is of two types:
It is typically used to find and eliminate errors or ambiguities in work products such as requirements, design, or code using manual examination. Reviews are of four types:
- Peer Review
2. Static analysis
Static analysis is a tool-driven evaluation of code or other work products. Static analysis of Two types:
- Data Flow Analysis
- Control Flow Analysis
The code written by developers is analyzed (usually by tools) for structural defects.
Static analysis is essential for the following:
- Safety-critical computer systems: Systems used in aviation, medical, or nuclear software are highly complex and require a high level of code coverage which is possible only with static analysis tools.
- Security testing: Static analysis tools can be applied to the code used for implementing websites to check for possible exposure to security vulnerabilities such as code injection, cookie security, cross-site scripting, resource tampering, and SQL code injection.
- Continuous delivery/continuous deployment: Static analysis is often incorporated into automated software build and distribution tools, for example, in Agile development, continuous delivery, and continuous deployment.
Both types of static testing assess the code or other work product being tested without actually executing the code or work product being tested.