Software testing is an essential part of the software development journey. It is the testing part that determines the quality and performance of the application. Testing is majorly done by two methods- Static testing and Dynamic testing. Both Dynamic testing and Static testing have their own functionalities, so let’s take a look at both of the methods and evaluate their pros and cons:
Static testing is done manually or with a set of tools. Here, the tester checks the code, design documents, requirement document and gives review comments on the work document. For software that is non-operational and inactive, security testing is performed to analyze the software in a non run-time environment. This type of testing is useful in highlighting code flaws. Static testing takes place in an early phase of development cycle, so it is also referred to as verification testing. Requirement specifications, design documents, source code, test plans, test scripts, test cases, and web page content, all these have to pass the static testing. By a proper static testing, around 85% flaws of a software can be detected.
Static testing techniques:
- Informal reviews: Here no formal review method is applied. The team of reviewers just checks the documents and give comments. The purpose is to maintain the quality from the initial stage. It is non-documented in nature
- Formal Reviews: It is well structured and documented and follow six main steps: Planning, kick off, preparation, review meeting, rework follow-up
- Technical Reviews: The team of technical experts will review the software for technical specifications. The purpose is to pin out the difference between the required specification and product designed and then correct the flaws. It focuses on technical documents such as test strategy, test plan, and requirement specification documents.
- Walk-through: The author explains about the software to the team and teammates can raise questions if they have any. It is headed by the author and review comments are noted down.
- Inspection Process: The meeting is headed by a trained moderator. A formal review is done, a record is maintained for all the errors and the authors are informed to make rectification on the given feedbacks.
- Static code review: Code is reviewed without execution, it is checked for syntax, coding standard, and code optimization. It is also referred as white box testing.
Advantages of Static Testing:
- Helps in identifying the flaws in code
- The testing is conducted by trained software developers with good knowledge of coding
- It is fast and easy way to find and fix the errors
- With automated tools, it becomes quite fast to scan and review the software
- The use of Automated tools provides mitigation recommendations
- With static testing it is possible to find errors at an early stage of development life cycle, thus, in turn, reduces the cost of fixing.
Disadvantages of Static Testing:
- Demand great amount of time when done manually
- Automated tools works with few programming languages
- Automated tools may provide false positives and false negatives
- Automated tools only scan the code
- Automated tools cannot pinpoint weak points that may create troubles in run-time
Unlike Static testing, in Dynamic testing, the code is executed to check how software will perform in a run-time environment. The testing checks its functional behavior, CPU usage, and overall performance. The purpose of dynamic testing is to ensure that the end product is designed according to the business requirement given by the clients. It is also known as validation or execution testing.
Dynamic testing validates the output with the expected outcome. It is conducted at all levels and can be either black or white box testing.
Dynamic Testing Techniques:
- Unit testing: As the name suggests individual units or modules are tested. The source code is tested by the developers
- Integration Testing: Individual modules are clubbed and tested by the developers. It is performed in order to ensure that modules are working in a right manner and will continue to perform flawlessly even after integration
- System Testing: It is performed on a complete system to ensure that the application is designed according to the requirement specification document.
Advantages of Dynamic code analysis
- Dynamic coding helps in identifying weak areas in a run-time environment
- Dynamic testing supports analysis of applications even if the tester does not have the actual code.
- It identifies weak areas that are hard to be found with static code analysis
- It allows validating static code analysis findings
- It can be applied with any application
Dynamic code analysis limitations:
- Automated tools may give a false security that everything is checked
- Automated tools can generate false positives and false negatives
- It is not easy to find a trained professional for dynamic testing
- It is difficult to trace the vulnerability in the code, and it takes longer to fix the problem. Thus, it becomes costly to fix the errors
Verification (static testing) and Validation (dynamic testing) are two methods used for software testing and development companies can use both methods to design and deliver flawless software.